| 1 |
On Tue, Dec 05, 2017 at 05:48:52PM -0500, Walter Dnes wrote: |
| 2 |
> I'm looking at going with... |
| 3 |
> |
| 4 |
> CFLAGS="-O2 -march=native -mfpmath=sse -fomit-frame-pointer -pipe -fno-pic -fno-PIC -fno-pie -fno-unwind-tables -fno-asynchronous-unwind-tables" |
| 5 |
> CXXFLAGS="${CFLAGS}" |
| 6 |
|
| 7 |
Hmm ... is this really sufficient? In order to really not get a PIE |
| 8 |
compiled, doesn't one also has to tell the linker about it? Testing on |
| 9 |
a system that's already been upgraded to a GCC which produces PIEs by |
| 10 |
default: |
| 11 |
|
| 12 |
nils@boerne (GCC7) ~ $ gcc test.c |
| 13 |
nils@boerne (GCC7) ~ $ file a.out |
| 14 |
a.out: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, not stripped |
| 15 |
|
| 16 |
-> As expected, this is a PIE ("ELF 32-bit LSB shared object"). |
| 17 |
|
| 18 |
ils@boerne (GCC7) ~ $ gcc -fno-pie test.c |
| 19 |
nils@boerne (GCC7) ~ $ file a.out |
| 20 |
a.out: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, not stripped |
| 21 |
|
| 22 |
-> Despite "-fno-pie" being used, still a shared object / PIE. |
| 23 |
|
| 24 |
ils@boerne (GCC7) ~ $ gcc -fno-pie -no-pie test.c |
| 25 |
nils@boerne (GCC7) ~ $ file a.out |
| 26 |
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, not stripped |
| 27 |
|
| 28 |
-> Adding "-no-pie" to the game, and we get a normal "ELF 32-bit LSB |
| 29 |
executable" (i.e. non-PIE). |
| 30 |
|
| 31 |
So this might sound like you'd have to add "-no-pie" to your CFLAGS as |
| 32 |
well, however, when I have a look at this bug report: |
| 33 |
|
| 34 |
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77464 |
| 35 |
|
| 36 |
I get the feeling that this is just asking for trouble. |
| 37 |
|
| 38 |
Now, if I wanted to switch to a 17.0 profile, and still make sure |
| 39 |
everything stays the way it was before PIE-wise (i.e. binaries get |
| 40 |
compiled as non-PIE by default), I'd probably have a look instead at |
| 41 |
overriding the "pie" USE flag that the new profile forces on GCC. It |
| 42 |
should be able to set it to "-pie" in your local portage config. That |
| 43 |
way, GCC should continue to be build with "--disable-default-pie", |
| 44 |
which should make it emit normal non-PIE binaries by default, thus you |
| 45 |
wouldn't have to specify anything PIE-related in your CFLAGS to |
| 46 |
achieve just that. Might be the easier solution, I guess. |
| 47 |
|
| 48 |
Greetings |
| 49 |
Nils |
Archives