
Re: "PIE by default" transition is underway -- wiki needs updating



Hi Steve,

2016-10-25 5:31 GMT+02:00 Steve M. Robbins <steve@sumost.ca>:
> Hi,
>
> I haven't been paying close attention to the "PIE by default" [1] discussions,
> so I may have missed the memo, but: it seems the transition is underway?

GCC has been changed to enable PIE by default, but dpkg has not been
changed yet.

>
> I've seen two bugs already claiming "static library foo must be compiled with
> -fPIC" -- because some reverse dependency now fails to build.  But I think
> this advice is misplaced.  The Ubuntu page [2] says that all you need to do is
> rebuild the library foo with the PIE-enabled compiler, then rebuild the
> depending code:
>
>         Relocation Linking Failure
>
>         A dynamically linked program that pulls in a static library that was not
>         built with -fPIC. These give an error like:
>
>             relocation R_X86_64_32 against '[SYMBOL]' can not be used when making a
>                 shared object; recompile with -fPIC
>
>         To address these types of issues, the package providing the static object
>         needs to be rebuilt (usually just a no-change rebuild against the pie-by-
>         default compiler) before rebuilding the failed package.
>
>
> So it seems to me that this should be emphasized on the wiki [1].  Secondly,

I filed the original bugs with the following template, which contains
"Please", not "must": "Please build <static lib name>.a with -fPIC"
It seems it was a mistake not to emphasize that a rebuild can also solve
most of the FTBFS bugs, and I have now updated the wiki, too.


> it seems that the proposal to change policy to encourage -fPIC on static
> libraries [3] is misplaced and should be withdrawn.    Are both these
> statements accurate?

I have updated the wiki, making it clear that the Policy may not be changed.

Thanks,
Balint

>
> Thanks,
> -Steve
>
> [1] https://wiki.debian.org/Hardening/PIEByDefaultTransition
> [2] https://wiki.ubuntu.com/SecurityTeam/PIE
> [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837478
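
Added example, not part of either poster's message: a way to check which members of a static library still carry the absolute relocations behind the "recompile with -fPIC" link error quoted above, and so which archives need the rebuild. It assumes x86-64, the text layout printed by binutils `readelf -r`, and that relocations in debug sections can be ignored; `find_non_pic` and the sample archive are hypothetical.

```python
import re

# Absolute 32-bit relocations that ld rejects in PIE/shared links on x86-64.
# (Assumption: only these two are checked; other architectures differ.)
NON_PIC_TYPES = {"R_X86_64_32", "R_X86_64_32S"}

FILE_RE = re.compile(r"^File: (.+)$")
SECTION_RE = re.compile(r"^Relocation section '([^']+)'")
ENTRY_RE = re.compile(r"^[0-9a-f]+\s+[0-9a-f]+\s+(R_\w+)\s+[0-9a-f]+\s+(\S+)")

def find_non_pic(readelf_output):
    """Return [(member, section, reloc_type, symbol)] for non-PIC relocations."""
    hits, member, section = [], "<object>", None
    for line in readelf_output.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            member, section = m.group(1), None
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := ENTRY_RE.match(line)) and section:
            # Debug sections are not loaded, so absolute relocations there are harmless.
            if m.group(1) in NON_PIC_TYPES and ".debug" not in section:
                hits.append((member, section, m.group(1), m.group(2)))
    return hits

# Constructed sample in the layout printed by `readelf -r libfoo.a`.
SAMPLE = """
File: libfoo.a(old.o)

Relocation section '.rela.text' at offset 0x1f8 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000005  00050000000a R_X86_64_32       0000000000000000 .rodata + 0
00000000000a  000a00000004 R_X86_64_PLT32    0000000000000000 puts - 4

Relocation section '.rela.debug_info' at offset 0x300 contains 1 entry:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000006  00060000000a R_X86_64_32       0000000000000000 .debug_abbrev + 0

File: libfoo.a(new.o)

Relocation section '.rela.text' at offset 0x1f8 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000007  000500000002 R_X86_64_PC32     0000000000000000 .rodata - 4
00000000000c  000a00000004 R_X86_64_PLT32    0000000000000000 puts - 4
"""

if __name__ == "__main__":
    for hit in find_non_pic(SAMPLE):
        print("%s [%s]: %s against %s" % hit)
```

On a real archive, pass the captured output of `readelf -r -W libfoo.a` to `find_non_pic`; an empty result means no member needs rebuilding for this reason.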

