Gentoo Archives: gentoo-dev

From: Matthias Maier <tamiko@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2
Date: Tue, 09 May 2017 23:59:08
Message-Id: 87inl9y43x.fsf@kestrel.kyomu.43-1.org
In Reply to: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp" by Matthias Maier
This is a reworded news item (assuming we proceed with the plan to
default-enable USE=pie). Suggestions for improving the emerge command to
fix static archives are highly welcome.

Matthias



Title: GCC 6 defaults to USE="pie ssp"
Author: Matthias Maier <tamiko@g.o>
Content-Type: text/plain
Posted: 2017-05-09
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-6.3.0

In Gentoo, several GCC features can be default disabled or enabled
via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already
enabled default SSP [1]. Since the PIE patchset for default position
independent executable support was integrated upstream [2,3], starting
with gcc-6.3 we are also enabling PIE by default (via a default-enabled
use-flag pie) in regular (non-hardened) profiles.

[Additionally, following Gentoo policies, the default-off use-flags
nopie (only present in Hardened) and nossp are replaced starting with
gcc-6 by default-on use-flags pie and ssp.]

Be advised that switching from an older version to GCC 6 will enable the
PIE feature by default. This should not cause many problems for packages
involving shared libraries. However, static archives need to be rebuilt
(otherwise final linkage will fail [4]). You can rebuild affected packages
containing static archives via

  # emerge --exclude 'dev-haskell/*' -1 $(find /lib* /usr/lib* -type f -name "*.a")

[1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html
[2] https://gcc.gnu.org/gcc-6/changes.html
[3] A big thanks to all developers and members of the Gentoo community that
    made upstreaming the pie patchset and other hardening options possible!
[4] A typical link error reads
      relocation R_X86_64_32 against `.rodata.str1.1' can not be used when
      making a shared object; recompile with -fPIC
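
The link error quoted in [4] comes from archive members that still carry absolute 32-bit relocations. The following is an added example, not part of the original message or of Gentoo's tooling: a filter over `readelf -rW` output that lists such members, so the rebuild can be limited to archives that actually need it. The archive names and sample output are constructed, and treating R_X86_64_32S the same as the R_X86_64_32 named in the error is a generalization made here.

```shell
#!/bin/sh
# Added example. Reads `readelf -rW <archive>` output on stdin and prints each
# archive member that carries an absolute 32-bit relocation in a loaded section.

nonpic_members() {
    awk '
        # readelf starts each archive member with "File: lib.a(member.o)".
        /^File: / { member = $2; next }
        # Debug sections are never loaded, so R_X86_64_32 there is harmless.
        /^Relocation section / { skip = (index($3, ".debug") > 0); next }
        # Relocation rows are: offset, info, type, ...; report a member once.
        !skip && $3 ~ /^R_X86_64_32S?$/ && !(member in seen) {
            seen[member] = 1
            print member
        }
    '
}

# Constructed, abbreviated readelf output for a hypothetical libdemo.a.
sample_readelf_output() {
    cat <<'EOF'
File: libdemo.a(old.o)

Relocation section '.rela.text' at offset 0x1f0 contains 2 entries:
    Offset             Info             Type               Sym. Value  Sym. Name + Addend
0000000000000005  000000050000000a R_X86_64_32            0000000000000000 .rodata.str1.1 + 0
000000000000000a  0000000a00000004 R_X86_64_PLT32         0000000000000000 puts - 4

File: libdemo.a(pic.o)

Relocation section '.rela.text' at offset 0x1f8 contains 2 entries:
    Offset             Info             Type               Sym. Value  Sym. Name + Addend
0000000000000007  0000000500000002 R_X86_64_PC32          0000000000000000 .rodata.str1.1 - 4
000000000000000c  0000000a00000004 R_X86_64_PLT32         0000000000000000 puts - 4

Relocation section '.rela.debug_info' at offset 0x400 contains 1 entry:
    Offset             Info             Type               Sym. Value  Sym. Name + Addend
0000000000000006  000000070000000a R_X86_64_32            0000000000000000 .debug_abbrev + 0
EOF
}

# Prints: libdemo.a(old.o)
sample_readelf_output | nonpic_members
# On a real system (hypothetical path): readelf -rW /usr/lib64/libexample.a | nonpic_members
```

Only `old.o` is reported: `pic.o` uses PC-relative relocations in `.text`, and its single R_X86_64_32 sits in a debug section that the filter skips.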
