On Sat, May 21, 2016 at 01:32:19PM -0400, Theodore Ts'o wrote: > If the pie hardening option is enabled, then dpkg-buildflags --get > LDFLAGS emits: > > -fPIE -pie -Wl,-z,relro > > According to the dpkg-buildflags man page: > > LDFLAGS > Options passed to the compiler when linking executables or > shared objects > > Unfortunate the linker will blow up if -fPIE is specified: It is documented in dpkg-buildflags(1): "This is not compatible with -fPIC so care must be taken when building shared objects." > Should I file a bug against dpkg-buildflags? Or the > hardening-includes package? hardening-includes is not related to the dpkg-buildflags hardening. > What is the suggested workaround if you > have a package that has both executables and shared libraries, and you > want to enable pie hardening for the executables? Unfortunately I don't remember if there are any sane ways to work around this. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature