[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [autoconf] Problems Configuring (C Compiler cannot produce executabl
|
From: |
Jeffrey Walton |
|
Subject: |
Re: [autoconf] Problems Configuring (C Compiler cannot produce executables) |
|
Date: |
Wed, 22 Aug 2012 00:38:02 -0400 |
On Wed, Aug 22, 2012 at 12:20 AM, Russ Allbery <address@hidden> wrote:
> Jeffrey Walton <address@hidden> writes:
>
>> I want hardened executables and shared objects. That includes ASLR,
>> which means -fPIE -pie for executables; -fPIC and -shared for shared
>> objects. According to the dialog from the GCC feature request, -fPIC and
>> -shared should be used as it appears to be a "superset" of -fPIE -pie.
>
> -fPIC is only for libraries. For executables, such as what's created by
> configure, you want -fPIE. See, for example, the documentation for how to
> deploy hardening flags in Debian (as one of many examples of distributions
> doing this that I just happen to be familiar with personally):
According to Pinksi at GCC, -fPIC can be used for both. Both -fPIC and
-fPIE produce a relocatable section. I know from experience readelf(1)
produces the same result (DYN).
When using -fPIE, the optimizer can begin optomizing sooner. Andrew
Pinski (GCC developer): "With PIE, global variables and functions are
considered to bind local while with PIC they are considered to bind
globally (aka override able)." [1]
Pinski specifically recommended -fPIC because of this situation
(inability to configure executables and shared objects separately when
using the GNU tool chain).
Jeff
[1] Request: Add -aslr switch that invokes -fPIE/-pie or -fPIC/-shared
as appropriate, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52885
- Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/21
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), suzuki toshiya, 2012/08/21
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/21
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), suzuki toshiya, 2012/08/21
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Mike Frysinger, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables),
Jeffrey Walton <=
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), suzuki toshiya, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Bob Friesenhahn, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22