1 |
On Thu, 18 Jan 2007, Kevin F. Quinn wrote: |
2 |
[...] |
3 |
> > > The way to build a PIE, as I understand it, is to: |
4 |
> > > |
5 |
> > > (1) compile all objects -fPIE |
6 |
> > > (2) link with -fPIE -pie |
7 |
> > |
8 |
> > (2) link with -pie (-fPIE does not/should not influence linking) |
9 |
> |
10 |
> I would have thought so, however gcc info says: |
11 |
> |
12 |
> `-pie' |
13 |
> Produce a position independent executable on targets which support |
14 |
> it. For predictable results, you must also specify the same set |
15 |
> of options that were used to generate code (`-fpie', `-fPIE', or |
16 |
> model suboptions) when you specify this option. |
17 |
> |
18 |
> so I was just following that advice. I suspect it makes no difference |
19 |
> on x86, amd64, ppc - but perhaps it does on some platforms. |
20 |
|
21 |
-fPIE|-fpie is only for compiling, -pie applied to gcc propagates to ld as |
22 |
well (and chooses the right crt files. |
23 |
I cant remember seeing -fPIE propagated to ld, try to provide it to ld and |
24 |
it will fail, so gcc filters it out |
25 |
|
26 |
> I think that when linking, the gcc driver also processes the cc1 spec, |
27 |
> (where you've added ${pie:-fPIE}) so our default is to add '-fPIE -pie' |
28 |
> anyway. |
29 |
I have added -pie compile option for consistency to have gcc -pie do |
30 |
proper compiling and linking (piepatch/nondef/*), vanilla gcc will ignore |
31 |
-pie for compile and propagates it to ld on linking |
32 |
[...] |
33 |
> |
34 |
> Why would anyone link a lib*.a into a shared library? Surely you would |
35 |
> just link to the .so? |
36 |
because maybe a shared version is not present at all |
37 |
|
38 |
> stuff, to check the configure fix. If libstdc++.a is acceptable -fPIE |
39 |
> then I think we're fine - if you really need it -fPIC, then that |
40 |
> implies you're linking it into shared libraries which is strange. |
41 |
true for all libs having also .so counterparts, then it is expectable that |
42 |
shared libs (in fact everything non-static) links against .so |
43 |
|
44 |
Peter |
45 |
|
46 |
-- |
47 |
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2 |
48 |
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2 |
49 |
|
50 |
-- |
51 |
gentoo-hardened@g.o mailing list |