| 1 |
Title: GCC 6 defaults to USE="pie ssp" |
| 2 |
Author: Matthias Maier <tamiko@g.o> |
| 3 |
Content-Type: text/plain |
| 4 |
Posted: 2017-05-07 |
| 5 |
Revision: 1 |
| 6 |
News-Item-Format: 1.0 |
| 7 |
Display-If-Installed: >=sys-devel/gcc-6.3.0 |
| 8 |
Display-If-Keyword: amd64 |
| 9 |
|
| 10 |
In Gentoo, several GCC features can be default disabled or enabled |
| 11 |
via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already |
| 12 |
enabled default SSP [1]. Since the PIE patchset for default position |
| 13 |
independent executable support was integrated upstream [2,3], starting |
| 14 |
with gcc-6.3 we are also enabling PIE by default (via a default-enabled |
| 15 |
use-flag pie) in regular (non-hardened) profiles. |
| 16 |
|
| 17 |
[Additionally, following Gentoo policies, the default-off use-flags |
| 18 |
nopie (only present in Hardened) and nossp are replaced starting with |
| 19 |
gcc-6 by default-on use-flags pie and ssp.] |
| 20 |
|
| 21 |
Be advised that switching from an older version to GCC 6 will enable the |
| 22 |
PIE feature by default. This should not cause many problems, but it may |
| 23 |
be necessary to recompile parts of your userland. An indicator are |
| 24 |
linker errors of the form [4] |
| 25 |
|
| 26 |
relocation R_X86_64_32 against `.rodata.str1.1' can not be used when |
| 27 |
making a shared object; recompile with -fPIC |
| 28 |
|
| 29 |
[1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html |
| 30 |
[2] https://gcc.gnu.org/gcc-6/changes.html |
| 31 |
[3] A big thanks to all developers and members of the Gentoo community that |
| 32 |
made upstreaming the pie patchset and other hardening options possible! |
| 33 |
[4] https://bugs.gentoo.org/617698 |
Archives