On Tue, 12 Dec 2006, Alexander Gabert wrote:

> Kevin: this is the build failures, i would have made them end up adding
> into bugzilla but one of us both wasn't awake.
>
> PSM: if you're reading up: i don't have a clue.
>
> In the meantime, working with bugs.g.o. it's getting a real hassle, so
> can someone please kick that pos in the shins so we can work on bugs
> again? TIA
>
> I think we should have a talk or two and maybe a test case for building
> that libiberty on all arches with either PIC or PIE code.
> I honestly don't care how we build it, i just want it to work on all
> Gentoo supported arches for hardened.
>
> For those of you having issues with the file: here is the log for pitr
> and miranda:
>
> http://dev.gentoo.org/~pappy/tmp/amd64-pie-libiberty-failure.txt

It seems some of you are mixing up PIC and PIE. For the record, there are
no PIE libraries and if you want to run a hardened box where each file is
text relocation free, then you have to compile all code that goes to
libraries (even into lib*.a) with -fPIC|-fpic. To quickly check this
statement, compile some object with -fPIE, put into libx.a and compile a
shared lib with -fPIC using code from libx.a.
readelf -d shared_lib | grep TEXTREL.

The pie patches compile everything with -fPIE unless -fPIC was used, the
app itself has to take care (and most apps using libtool do it by using
-fPIC -DPIC) that code that goes into libs is -fPIC compiled. libtool
fails only in cases where configure does not recognize correctly the
target (that's why gnuconfig_update/libtoolize are needed).

Some will argue, that it does not make sense to compile code in lib*.a
with -fPIC. Those shouldn't use hardened, because they end up with text
relocations and a hardened box should block text relocations either in
kernel (PaX feature) or libc (possible with uClibc, but not glibc).

Peter

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2

--
gentoo-hardened@g.o mailing list
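
The quick check described in the message above, scripted as an added example that is not part of the original thread. The file names (x.c, s.c, libshared.so) and function names are illustrative, and it assumes cc, ar, readelf and awk are on PATH.

```shell
#!/bin/sh
# Added example. File names and function names are illustrative.
# Assumes cc, ar, readelf and awk are on PATH.

# Reads `readelf -d` output on stdin; succeeds if the dynamic section
# declares text relocations (DT_TEXTREL entry or TEXTREL bit in DT_FLAGS).
dynamic_has_textrel() {
    awk '$2 == "(TEXTREL)" { found = 1 }
         $2 == "(FLAGS)" && /TEXTREL/ { found = 1 }
         END { exit !found }'
}

# build_and_check FLAG: compile one object with FLAG (-fPIE or -fPIC),
# archive it into libx.a, link a -fPIC shared lib that pulls it in.
# Returns 0 = no TEXTREL, 1 = TEXTREL, 2 = compile failed, 3 = link failed.
build_and_check() {
    flag=$1
    dir=$(mktemp -d) || return 2
    printf 'int counter;\nint bump(void) { return ++counter; }\n' > "$dir/x.c"
    printf 'int bump(void);\nint api(void) { return bump(); }\n' > "$dir/s.c"
    if ! ( cd "$dir" && cc "$flag" -c x.c -o x.o && ar rcs libx.a x.o &&
           cc -fPIC -c s.c -o s.o ) 2>/dev/null; then
        echo "$flag: compile failed"; rc=2
    elif ! ( cd "$dir" && cc -shared -o libshared.so s.o libx.a ) 2>/dev/null; then
        # Some targets refuse the object outright instead of emitting TEXTREL.
        echo "$flag: linker refused the archive member"; rc=3
    elif readelf -d "$dir/libshared.so" | dynamic_has_textrel; then
        echo "$flag: libshared.so has TEXTREL"; rc=1
    else
        echo "$flag: libshared.so is text relocation free"; rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

# Run the comparison only when invoked as: sh textrel_check.sh run
if [ "${1:-}" = "run" ]; then
    build_and_check -fPIE || true
    build_and_check -fPIC || true
fi
```

The result for the -fPIE case depends on the target architecture and toolchain, so the script reports a link failure separately from a TEXTREL hit.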