| 1 |
Kevin F. Quinn wrote: |
| 2 |
|
| 3 |
>On 23/8/2005 9:37:13, Natanael Copa (mlists@××××××.org) wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
>>I am trying to build klibc in an hardened environment. The ssp causes |
| 7 |
>>some problems. I wonder how I can turn off the ssp while compiling |
| 8 |
>>klibc? I have tried USE="-hardened" CFLAGS="-fnostack-protector" but it |
| 9 |
>>looks like the -fno-stackprotector option never is used. What can I do |
| 10 |
>>to compile klibc in my hardened environment? Turning off SSP is ok. It |
| 11 |
>>will only be used for initramfs anyway. |
| 12 |
>> |
| 13 |
>> |
| 14 |
> |
| 15 |
>USE="-hardened" won't do anything as the klibc ebuild doesn't look at the hardened |
| 16 |
>use flag (nor should it). I suspect that klibc is not honouring the environment |
| 17 |
>CFLAGS - doing "CFLAGS="-fno-stack-protector" should work (note that there |
| 18 |
>are dashes between no, stack, and protector). |
| 19 |
> |
| 20 |
> |
| 21 |
|
| 22 |
It does not. That was one of the first things I tried. |
| 23 |
|
| 24 |
>First off, file a bug on bugs.gentoo.org. |
| 25 |
> |
| 26 |
> |
| 27 |
|
| 28 |
I thought it could be nice having a solution before filing a bug. I |
| 29 |
posted here because I thought some here had been into something similar. |
| 30 |
Does none of the hardened ppl do initramfs? |
| 31 |
|
| 32 |
>The simple way to switch off SSP is to switch to a no-ssp compiler; do |
| 33 |
>'gcc-config -l' to see what you have available, then use gcc-config to choose |
| 34 |
>either the vanilla or -nossp version. Use this version to build initramfs as |
| 35 |
>well. Don't forget to switch back after you've finished. |
| 36 |
> |
| 37 |
> |
| 38 |
|
| 39 |
I tried that too. It didnt work. |
| 40 |
|
| 41 |
>Obviously, anything built against klibc will also need to be built with ssp switched |
| 42 |
>off, as you don't have the support functions for ssp in klibc. |
| 43 |
> |
| 44 |
> |
| 45 |
|
| 46 |
What actually worked was to add -fno-stack-protector to REQFLAGS in MCONFIG. |
| 47 |
|
| 48 |
I'll file a bug. |
| 49 |
-- |
| 50 |
gentoo-embedded@g.o mailing list |
Archives