On Thu, Jul 28, 2011 at 01:34:02PM -0700, Kees Cook wrote:
> - non-PIC .a file relocation
>   Using PIE by default means that packages shipping non-PIC .a files
>   suddenly produce relocatable .a files. If a package that links against
>   them isn't building as PIE too, it will FTBFS.

Isn't such a FTBFS a toolchain bug? There's no reason in principle why a
PIC .a being linked into a non-PIE executable can't have those relocations
fixed up at build time - and this has in fact always worked in the past.

Or do you maybe mean the opposite, where an existing non-PIC .a tries to be
linked into a PIE executable? In that case there's information missing and
yes, it will fail to link.

> > The current implementation in my branch is that PIE is disabled by default
> > but if you set DEB_BUILD_HARDENING_PIE=1 then it will be used. This was
> > easily done on top of the compatibility layer with
> > hardening-includes/hardening-wrapper but I'm not convinced it's an
> > interface we want to use for this transition.

> If someone chose to build-dep on hardening-wrapper/hardening-includes, they
> expect to have built PIE, so I think that the dpkg-buildflags default
> should likely depend on that in some way.

Although dpkg-buildflags should provide a mechanism to allow system-level
configuration (perhaps through a .d directory in /etc), the difficulty of
auto-enabling this upon installation of the hardening-* packages is that it
means building other packages which *don't* build-depend on it will give
different output in the event the hardening-* packages happen to be
installed - such as on a maintainer's system. We don't want all the other
packages in the archive to have to build-conflict with hardening-* to avoid
"mis"builds!

> There's a lot of ways to do this. I'm not sure what is best. What's
> important to me is that maintainers that were using h-w/i don't suddenly
> end up with builds that aren't PIE, since they explicitly chose to build
> with PIE (unless they also explicitly chose to disable it).

I would presume that the existing interfaces could be left in place, and
dropped only when they're no longer needed.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org