Gentoo Archives: gentoo-dev

From: Duncan Coutts <dcoutts@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] how to turn off hardened gcc flags reliably?
Date: Wed, 01 Mar 2006 15:38:40
Message-Id: 1141227328.17715.135.camel@localhost

All,

I'm hoping for some suggestions particularly from the toolchain and
hardened profile folk.

We have a compiler that goes via C and uses gcc as its backend. This
compiler does some pretty unpleasant things with the assembler output of
gcc. For one thing it doesn't use the C stack. It strips off the prelude
and epilogue of each function. Anyway, suffice to say that it doesn't
work with hardened gcc; that is both PIE and the stack protector.

However turning these features off (by passing -nopie
-fno-stack-protector to gcc) is not so easy when we consider that people
can upgrade their gcc or change from a vanilla to a hardened profile
*after* emerging ghc.

gcc-3 supports both -nopie and -fno-stack-protector. So always using
these would be ok if it were not for gcc-4 which doesn't grok
-fno-stack-protector.

If we don't use -fno-stack-protector then if someone changes from a
vanilla gcc profile to a hardened one then the users will get breakage
when they start using ghc again.

We could have the ghc driver script work out dynamically which flags to
pass to gcc to suppress the hardened stuff but I think we can all see
the downside to that.

We could say "don't switch to a hardened gcc profile - it doesn't work".

We could say "don't use gcc 4 - it's not supported". However this will
not last forever.

We could ask the gcc-config people for some assistance. Perhaps by
adding an extra env var GHC_CFLAGS that gives us the right flags. Or
perhaps by hooking into gcc-config to have our flags updated whenever
the user changes profile.

Does anyone have any other suggestions?

--
Duncan Coutts : Gentoo Developer (Haskell herd team lead)
email : dcoutts at gentoo dot org

--
gentoo-dev@g.o mailing list
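
The dynamic detection option mentioned in the message, sketched as an added example (not part of the original post and not ghc's driver script): each candidate flag is test-compiled against a trivial C program, and only the flags the currently selected compiler accepts are kept. The helper names `probe_flag` and `supported_flags` are hypothetical.

```sh
#!/bin/sh
# Added example: find out which of the flags named in the message the
# active compiler accepts, so the set can be recomputed after a gcc
# upgrade or a profile switch. probe_flag / supported_flags are
# hypothetical helper names, not part of ghc or gcc-config.

# Return 0 if compiler $1 accepts flag $2 for a trivial C translation unit.
probe_flag() {
    cc=$1
    flag=$2
    # -Werror: a flag that is only warned about also counts as unsupported.
    # -c: compile only, so no linker or output file is involved.
    echo 'int main(void) { return 0; }' |
        "$cc" -Werror "$flag" -x c -c -o /dev/null - >/dev/null 2>&1
}

# Print, space-separated, the subset of candidate flags ($2...) that
# compiler $1 accepts. Prints an empty line if none are accepted.
supported_flags() {
    cc=$1
    shift
    out=
    for flag in "$@"; do
        if probe_flag "$cc" "$flag"; then
            out="${out:+$out }$flag"
        fi
    done
    printf '%s\n' "$out"
}

# Typical call, using the two flags from the message:
#   supported_flags gcc -nopie -fno-stack-protector
```

Each probe costs one compiler invocation, so a driver script would normally cache the result keyed on the compiler's version string rather than probing on every run.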