| 1 |
On 15:16 Fri 17 Dec , Christopher Schwan wrote: |
| 2 |
> On Friday 17 December 2010 14:55:03 Thomas Kahle wrote: |
| 3 |
> > On 14:22 Fri 17 Dec , Christopher Schwan wrote: |
| 4 |
> > > Mpir's configure scripts looks like its adding "-Wl,-z,noexecstack" if it |
| 5 |
> > > detects a gcc+x86/amd64 configuration - so I guess noexecstack should |
| 6 |
> > > work out of the box. If it does not I would consider this as broken. |
| 7 |
> > |
| 8 |
> > Yes, I saw that. The configure method fails directly, it just does *not* |
| 9 |
> > add the ldflag (at least when configure is run by portage). |
| 10 |
> > |
| 11 |
> > I also tried to add "-Wl,-z,noexecstack" via append-ldflags, and it is |
| 12 |
> > indeed appended as visible in the compile output, but the exec stacks |
| 13 |
> > are still there and the QA warning comes up, so I guess we can consider |
| 14 |
> > this broken and stick with your solution of patching the asm (which sill |
| 15 |
> > works fine) |
| 16 |
> |
| 17 |
> Did you read http://www.gentoo.org/proj/en/hardened/gnu-stack.xml ? The |
| 18 |
> document proposes a slightly different approach for assembler files: |
| 19 |
> |
| 20 |
> append-flags -Wa,--noexecstack |
| 21 |
|
| 22 |
Read it again now. Indeed, "-Wa,--noexecstack" also works, but the page |
| 23 |
says that patching is the preferred approach... well at least if the |
| 24 |
patches land upstream at some point. I guess it just does not matter. |
| 25 |
|
| 26 |
Cheers, |
| 27 |
Thomas |
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
-- |
| 32 |
Thomas Kahle |
| 33 |
http://dev.gentoo.org/~tomka/ |
Archives