El 18/05/14 06:47, Lennart Poettering escribió:
> On Sat, 17.05.14 12:39, Cristian Rodríguez (crrodrig...@opensuse.org) wrote:
> 
>> This is the standard* way used to pass special linker/compiler
>> flags such as -fPIE and -pie
>>
>> * "Standard" in the sense it is understood by many other
>> packages  and commonly used by distributions.
> 
> I really don't get this. Why would we build our binaries with two
> different sets of options? I mean, our stuff is generally not too
> performance critical, there are no CPU bound inner loops, hence which
> compiler options to you have in mind that we shouldn't apply to all our
> binaries anyway? What should be good for the "secure" binaries, that
> shouldn't be good enough for the others too?
> 
> Lennart
> 

OK, Let's try the attached patch instead.

-- 
Cristian
"I don't know the key to success, but the key to failure is trying to
please everybody."
>From 5a65cf524208642565df6ca65738825dc380d1be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodrig...@opensuse.org>
Date: Sun, 18 May 2014 11:46:42 -0400
Subject: [PATCH] build: Compile everything with PIE

---
 configure.ac | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configure.ac b/configure.ac
index 30ef33d..469fc2d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -176,6 +176,7 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
         -fdata-sections \
         -fstack-protector \
         -fstack-protector-strong \
+        -fPIE \
         --param=ssp-buffer-size=4])
 AS_CASE([$CFLAGS], [*-O[[12345\ ]]*],
         [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
@@ -195,6 +196,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
         -Wl,--gc-sections \
         -Wl,-z,relro \
         -Wl,-z,now \
+        -pie \
         -Wl,-fuse-ld=gold])
 AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags")
 
-- 
1.8.4.5

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to