[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#835148: gcc-6: please enable PIE hardening flags by default on amd64 ppc64el and s390x

On Tue, 23 Aug 2016 00:25:30 +0200 Balint Reczey
<balint@balintreczey.hu> wrote:
> Package: gcc-6
> Version: 6.1.1-12
> Severity: wishlist
> Tags: patch
> 
> Dear Matthias,
> 
> As a continuation of the discussions [1][2] on debian-devel I'm
> attaching the simple patch that implements enabling the PIE
> hardening flags for a subset of the architectures.
> 
> I'm open to changing the subset, it matches the set selected in Ubuntu
> as a start, but porters may have different preferences [2].
> 
> I'm continuing with a full archive rebuild to see the amount of packages
> to be updated for the change in the default flags.
> 
> The same patch applies to gcc-5, too, if it does not get removed
> from the archive before the patch is accepted for gcc-6.
> 
> Cheers,
> Balint
> 
> [1] https://lists.debian.org/debian-devel/2016/05/msg00228.html
> [2] https://lists.debian.org/debian-devel/2016/08/msg00324.html
> 

Hi,

As per [1], please enable PIE by default on the following architectures:


 * amd64
 * arm64
 * armel
 * armhf
 * i386
 * mips
 * mips64el
 * mipsel
 * ppc64el
 * s390x

All of these architectures (except amd64+i386 with porter waivers) had
at least 2 porters supporting PIE.

Thanks,
~Niels

[1]
https://lists.debian.org/<2c67a60f-2bbb-2f4e-2ad3-cd9978fb5af0@thykier.net>
Reply to: