Gentoo Archives: gentoo-hardened

From: "Peter S. Mazinger" <ps.m@×××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] TESTING kevquinn_overlays: amd64 hardened gcc - (bugzilla is down, i hope the mails are not)
Date: Mon, 18 Dec 2006 10:57:32
Message-Id: Pine.LNX.4.44.0612181138000.5249-100000@lnx.bridge.intra
In Reply to: [gentoo-hardened] TESTING kevquinn_overlays: amd64 hardened gcc - (bugzilla is down, i hope the mails are not) by Alexander Gabert
On Tue, 12 Dec 2006, Alexander Gabert wrote:

> Kevin: this is the build failures, i would have made them end up adding
> into bugzilla but one of us both wasn't awake.
>
> PSM: if you're reading up: i don't have a clue.
>
> In the meantime, working with bugs.g.o. it's getting a real hassle, so
> can someone please kick that pos in the shins so we can work on bugs
> again? TIA
>
> I think we should have a talk or two and maybe a test case for building
> that libiberty on all arches with either PIC or PIE code.
> I honestly don't care how we build it, i just want it to work on all
> Gentoo supported arches for hardened.
>
> For those of you having issues with the file: here is the log for pitr
> and miranda:
>
> http://dev.gentoo.org/~pappy/tmp/amd64-pie-libiberty-failure.txt

It seems some of you are mixing up PIC and PIE. For the record, there are
no PIE libraries and if you want to run a hardened box where each file is
text relocation free, then you have to compile all code that goes to
libraries (even into lib*.a) with -fPIC|-fpic. To quickly check this
statement, compile some object with -fPIE, put it into libx.a and compile a
shared lib with -fPIC using code from libx.a. readelf -d shared_lib | grep
TEXTREL.

The pie patches compile everything with -fPIE unless -fPIC was used, the
app itself has to take care (and most apps using libtool do it by using
-fPIC -DPIC) that code that goes into libs is -fPIC compiled. libtool
fails only in cases where configure does not recognize correctly the
target (that's why gnuconfig_update/libtoolize are needed).

Some will argue that it does not make sense to compile code in lib*.a
with -fPIC. Those shouldn't use hardened, because they end up with text
relocations and a hardened box should block text relocations either in
kernel (PaX feature) or libc (possible with uClibc, but not glibc).

Peter

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2

--
gentoo-hardened@g.o mailing list
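The TEXTREL check that Peter's reply describes (`readelf -d shared_lib | grep TEXTREL`), as an added example that is not part of the original thread and not Gentoo or PaX tooling: a small Python reader for the ELF dynamic section that reports whether a shared object or executable carries text relocations, so a hardened box can be audited without parsing readelf output. It goes a little beyond the amd64 case in the thread by handling ELF32 and ELF64 in either byte order. The only inputs it needs are the ELF images themselves; the `build_sample_elf` helper fabricates skeletal, non-loadable images purely so the script runs offline, and those samples are constructed, not real libraries. The dynamic-tag numbers (DT_TEXTREL = 22, DT_FLAGS = 30, DF_TEXTREL = 0x4) are the values from the ELF gABI.

```python
"""Report whether ELF shared objects or executables carry text relocations.

Added example, not from the gentoo-hardened thread: does in Python what
`readelf -d lib.so | grep TEXTREL` does, by walking the PT_DYNAMIC segment
and looking for the DT_TEXTREL tag or the DF_TEXTREL bit in DT_FLAGS.
"""
import struct
import sys
from typing import List, Tuple

PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30
DF_TEXTREL = 0x4
ET_DYN = 3


def _formats(data: bytes):
    """Pick struct layouts from e_ident (EI_CLASS / EI_DATA).

    Returns (ehdr_fmt, phdr_fmt, dyn_fmt, p_offset index, p_filesz index);
    the last two differ because Elf32_Phdr and Elf64_Phdr order fields differently.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    order = {1: "<", 2: ">"}[data[5]]          # EI_DATA: LSB or MSB
    if data[4] == 2:                            # ELFCLASS64
        return order + "16sHHIQQQIHHHHHH", order + "IIQQQQQQ", order + "qQ", 2, 5
    if data[4] == 1:                            # ELFCLASS32
        return order + "16sHHIIIIIHHHHHH", order + "IIIIIIII", order + "iI", 1, 4
    raise ValueError("unknown ELF class")


def dynamic_entries(data: bytes) -> List[Tuple[int, int]]:
    """Return the (d_tag, d_val) pairs of the PT_DYNAMIC segment, up to DT_NULL.

    An object file or fully static binary has no PT_DYNAMIC, so it yields [].
    """
    ehdr_fmt, phdr_fmt, dyn_fmt, off_idx, size_idx = _formats(data)
    ehdr = struct.unpack_from(ehdr_fmt, data, 0)
    phoff, phentsize, phnum = ehdr[5], ehdr[9], ehdr[10]
    dyn_size = struct.calcsize(dyn_fmt)
    for i in range(phnum):
        phdr = struct.unpack_from(phdr_fmt, data, phoff + i * phentsize)
        if phdr[0] != PT_DYNAMIC:               # p_type is first in both classes
            continue
        pos, end = phdr[off_idx], phdr[off_idx] + phdr[size_idx]
        entries = []
        while pos + dyn_size <= end:
            tag, val = struct.unpack_from(dyn_fmt, data, pos)
            entries.append((tag, val))
            if tag == DT_NULL:
                break
            pos += dyn_size
        return entries
    return []


def has_textrel(data: bytes) -> bool:
    """True if the dynamic section marks the image as needing text relocations."""
    return any(tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL)
               for tag, val in dynamic_entries(data))


def build_sample_elf(textrel: bool, is64: bool = True) -> bytes:
    """Constructed sample input (not a real library): an ELF header, a single
    PT_DYNAMIC program header and a tiny dynamic array, nothing else. Enough to
    exercise the check above; it is not loadable and contains no code."""
    if is64:
        ehdr_fmt, phdr_fmt, dyn_fmt, machine = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ", 62
        ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9   # class 64, little-endian, v1
    else:
        ehdr_fmt, phdr_fmt, dyn_fmt, machine = "<16sHHIIIIIHHHHHH", "<IIIIIIII", "<iI", 3
        ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9   # class 32, little-endian, v1
    ehsize, phentsize = struct.calcsize(ehdr_fmt), struct.calcsize(phdr_fmt)
    dyn_off = ehsize + phentsize
    entries = [(DT_FLAGS, DF_TEXTREL if textrel else 0)]
    if textrel:
        entries.append((DT_TEXTREL, 0))         # GNU ld normally emits both forms
    entries.append((DT_NULL, 0))
    dyn = b"".join(struct.pack(dyn_fmt, t, v) for t, v in entries)
    if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align
        phdr = struct.pack(phdr_fmt, PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8)
    else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
        phdr = struct.pack(phdr_fmt, PT_DYNAMIC, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 6, 4)
    ehdr = struct.pack(ehdr_fmt, ident, ET_DYN, machine, 1, 0, ehsize, 0, 0,
                       ehsize, phentsize, 1, 0, 0, 0)
    return ehdr + phdr + dyn


def scan(paths) -> None:
    """Print one verdict per file, the way an audit script over /usr/lib would."""
    for path in paths:
        with open(path, "rb") as f:
            data = f.read()
        try:
            verdict = "TEXTREL" if has_textrel(data) else "clean"
        except ValueError as exc:
            verdict = f"skipped ({exc})"
        print(f"{path}: {verdict}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        scan(sys.argv[1:])                      # e.g. python3 textrel.py /usr/lib/*.so
    else:                                       # no paths given: show the constructed samples
        for flag in (True, False):
            print("constructed sample:", "TEXTREL" if has_textrel(build_sample_elf(flag)) else "clean")
```

On a real system, run it over the libraries produced by the experiment in the mail (the libx.a built from -fPIE objects, linked into a shared object) and over the rest of the library directories; an image reported as TEXTREL is exactly what PaX's MPROTECT or a text-relocation-refusing libc will reject at load time, so finding them at build or install time is the cheaper place to catch them.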