[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PIE + bindnow for Stretch?(Re: Time to reevaluate the cost of -fPIC?)

Hi All,

2016-05-28 23:16 GMT+02:00 Bálint Réczey <balint@balintreczey.hu>:
> Hi,
> 2016-05-18 2:21 GMT+02:00 Guillem Jover <guillem@debian.org>:
>> On Tue, 2016-05-17 at 12:08:09 +0200, Matthias Klose wrote:
>>> I'm not a fan myself for turning on hardening flags in the compiler itself,
>>> but if you do that, then dpkg issues like https://bugs.debian.org/823869
>>> need to be addressed (whether all obscure build systems picking these up, or
>>> not).
>> That bug report is not relevant in its current form, as explained
>> there.
>> If the default changes in the Debian default compiler, then I'll just
>> make the +pie option a no-op and change -pie to set -fno-PIE, so that
>> the options are only added when they are expected.
>> The difference with that request is that it would currently add
>> -fno-PIE for most packages that do not change the default flags,
>> which might break their build-systems.
> Thank you Guilllem.
> Matthias, are you OK with the resolution of #823869 and would you be
> OK with using --enable-default-pie for GCC if dpkg adopts the solution
> described above?

For the record I have opened #835146, #835148 and #835149 against dpkg
and gcc-6 with a set of proposed patches [2] which seem to work well.

[2] https://people.debian.org/~rbalint/ppa/pie-bindnow/

Reply to: