| 1 |
On Sun, 2004-06-20 at 10:15, Michael Schachtebeck wrote: |
| 2 |
> Hi. |
| 3 |
> |
| 4 |
> Ned Ludd schrieb am 06/18/2004 09:52 PM: |
| 5 |
> |
| 6 |
> > On Fri, 2004-06-18 at 13:09, Michael Schachtebeck wrote: |
| 7 |
|
| 8 |
[snip] |
| 9 |
|
| 10 |
> >>!!! bad ./configure please submit bug report to bugs.gentoo.org. Include |
| 11 |
> >>your config.layout. |
| 12 |
> > |
| 13 |
> > I guess you did not read the above. |
| 14 |
> |
| 15 |
> Do you mean config.log? I did read it, but found no needfull information |
| 16 |
> there. |
| 17 |
|
| 18 |
|
| 19 |
No I ment "submit bug report to bugs.gentoo.org" |
| 20 |
|
| 21 |
> |
| 22 |
> >>If I disable LDFLAGS="-pie" in /etc/make.conf, everything works fine... |
| 23 |
> >>Any ideas how to compile apache-2.0.49-r3 with LDFLAGS="-pie"? |
| 24 |
> > |
| 25 |
> > yep... use a gcc that enables this support automaticly. The way we |
| 26 |
> > handle this now is to remove all LDFLAGS add 'hardened' to your USE |
| 27 |
> > flags and then emerge gcc. Your problem will go away after that. |
| 28 |
> |
| 29 |
|
| 30 |
> ok, I'll try it, thanks. Does the hardened USE flag only replace the |
| 31 |
> LDFLAG -pie, or even the CFLAGS -fPIC and -fstack-protector? |
| 32 |
|
| 33 |
The hardened USE flag automatically enables the equivalent of |
| 34 |
CFLAGS="-fPIE -fstack-protector-all" |
| 35 |
LDFLAGS="-Wl,-z,now -Wl,-z,relro -Wl,-z,pie" |
| 36 |
|
| 37 |
If you add -fPIC or -fPIE to your CLFAGS and don't let the gcc |
| 38 |
automatically handle it your likely to end up with text relocations any |
| 39 |
place the -shared flag is used. Avoid doing it. |
| 40 |
|
| 41 |
And the hardened profile enables such things as -fforce-addr |
| 42 |
-fomit-frame-pointer in the actually CFLAGS= |
| 43 |
|
| 44 |
> Michael. |
| 45 |
> |
| 46 |
> -- |
| 47 |
> gentoo-hardened@g.o mailing list |
| 48 |
-- |
| 49 |
Ned Ludd <solar@g.o> |
| 50 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives