Gentoo Archives: gentoo-hardened

From: "Peter S. Mazinger" <ps.m@×××.net>
To: gentoo-hardened@l.g.o
Subject: Re: pieworld (was Re: [gentoo-hardened] TESTING kevquinn_overlays: amd64 hardened gcc - (bugzilla is down, i hope the mails are not))
Date: Tue, 23 Jan 2007 01:54:25
Message-Id: Pine.LNX.4.44.0701230241570.4004-100000@lnx.bridge.intra
In Reply to: pieworld (was Re: [gentoo-hardened] TESTING kevquinn_overlays: amd64 hardened gcc - (bugzilla is down, i hope the mails are not)) by "Kevin F. Quinn"
On Thu, 18 Jan 2007, Kevin F. Quinn wrote:
[...]
> > > The way to build a PIE, as I understand it, is to:
> > >
> > > (1) compile all objects -fPIE
> > > (2) link with -fPIE -pie
> >
> > (2) link with -pie (-fPIE does not/should not influence linking)
>
> I would have thought so, however gcc info says:
>
> `-pie'
> Produce a position independent executable on targets which support
> it. For predictable results, you must also specify the same set
> of options that were used to generate code (`-fpie', `-fPIE', or
> model suboptions) when you specify this option.
>
> so I was just following that advice. I suspect it makes no difference
> on x86, amd64, ppc - but perhaps it does on some platforms.

-fPIE|-fpie is only for compiling, -pie applied to gcc propagates to ld as
well (and chooses the right crt files).
I can't remember seeing -fPIE propagated to ld, try to provide it to ld and
it will fail, so gcc filters it out

> I think that when linking, the gcc driver also processes the cc1 spec,
> (where you've added ${pie:-fPIE}) so our default is to add '-fPIE -pie'
> anyway.
I have added -pie compile option for consistency to have gcc -pie do
proper compiling and linking (piepatch/nondef/*), vanilla gcc will ignore
-pie for compile and propagates it to ld on linking
[...]
>
> Why would anyone link a lib*.a into a shared library? Surely you would
> just link to the .so?
because maybe a shared version is not present at all

> stuff, to check the configure fix. If libstdc++.a is acceptable -fPIE
> then I think we're fine - if you really need it -fPIC, then that
> implies you're linking it into shared libraries which is strange.
true for all libs having also .so counterparts, then it is expectable that
shared libs (in fact everything non-static) links against .so

Peter

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2

--
gentoo-hardened@g.o mailing list