[PATCH libevdev 2/2] Reintroduce -fstack-protector
Colin Walters
walters at verbum.org
Fri Sep 13 08:00:02 PDT 2013
On Fri, 2013-09-13 at 11:43 +0200, Giovanni Campagna wrote:
> I must say, I don't know why it would fail (libssp appears to be
> enabled in the build configuration!) or why it would fail for libevdev
> and not for systemd.
> CCing Colin, who is maintaining the ostree build and probably knows more.
^ gnome-continuous now
So from what I can tell the stack protector really needs the entire
system to be consistently compiled with it.
At a high level, I think components (git repositories) should feel free
to set up default warning flags and possibly use a targeted subset of
-Werror=foo. But please don't inject non-warning flags like this unless
there is a very good reason.
The right way to do -fstack-protector is to have something like
redhat-rpm-config or other global CFLAGS system controlling *all*
components.
If for example I wanted to disable the stack protector to debug
something, it becomes really tedious to track down which components have
-fstack-protector in their default configure.ac.
If you want it on as a developer just running "configure/make" manually,
it's pretty easy to make your own shell script alias that does:
env NOCONFIGURE=1 ./autogen.sh ; env CFLAGS='-fstack-protector-all -Wall
-Werror' ./configure --prefix=...
gnome-continuous is carrying patches to remove it from SPICE for this
reason.
...
Ok so I just debugged this, the reason it's failing is because tools/ is
not using -fstack-protector. Patch attached.
But please also consider dropping it per my rationale above.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-build-Also-honor-CFLAGS-in-tools.patch
Type: text/x-patch
Size: 691 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/input-tools/attachments/20130913/d453ec20/attachment.bin>
More information about the Input-tools
mailing list