[systemd-devel] [PATCH] build: Honour SUID_CFLAGS and SUID_LDFLAGS

Simon McVittie simon.mcvittie at collabora.co.uk
Mon May 19 03:37:56 PDT 2014


On 18/05/14 16:47, Cristian Rodríguez wrote:
> OK, Let's try [building everything -fPIE] instead.

Hopefully things have improved since 2011, but my experience with
dbus[1] has been that this works fine on mainstream architectures, but
frequently fails on embedded architectures (arm* family, mips* family,
etc.) where various toolchain versions have been known to fail to
compile, fail to link, or worse, link binaries that sometimes or always
crash at runtime (which is hard to detect in a configure script without
breaking cross-compilation).

libtool has relatively intelligent handling of the PIE compiler flags,
so if a distro wants to enable -fPIE (or other hardening options like
-Wl,-z,relro) it's easy for that distro to enable PIE by passing
appropriate CPPFLAGS, CFLAGS, LDFLAGS, etc. to the configure script,
which works for any libtool + Autoconf + Automake project without
modification:

    ./configure CFLAGS=-fPIE LDFLAGS=-pie

In distributions where not all architectures have the same level of
upstream toolchain support, centralizing the decision about compiler
flags to one place (e.g. dpkg-buildflags, and previously
hardening-wrapper, in Debian) means it's possible to avoid broken flag
combinations per-architecture, without having to encode that knowledge
into each package.

    S

[1] https://bugs.freedesktop.org/show_bug.cgi?id=16621
and more specifically
https://bugs.freedesktop.org/show_bug.cgi?id=16621#c9
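
Whether the flags come from `./configure CFLAGS=-fPIE LDFLAGS=-pie` or from a central distro mechanism, the result can be checked on the built files. The following is an added example, not part of the original message and not code from systemd or dbus: a POSIX shell check that reads the ELF `e_type` field in the file's own byte order (so it also works for big-endian targets); the function names `elf_kind`, `audit_pie` and `make_sample` are hypothetical and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: classify ELF files by the e_type header field, honouring the
# file's own byte order, so the check also works on big-endian targets.

# elf_kind FILE -> position-independent | non-pie-exec | other | not-elf
elf_kind() {
    file=$1
    # e_ident: 0x7f 'E' 'L' 'F', EI_CLASS, EI_DATA (1 = little, 2 = big endian)
    set -- $(od -An -v -tu1 -N 6 "$file" 2>/dev/null)
    [ "$#" -eq 6 ] && [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo not-elf; return 0; }
    data=$6
    # e_type: 16-bit field at offset 16, stored in the file's byte order
    set -- $(od -An -v -tu1 -j 16 -N 2 "$file")
    [ "$#" -eq 2 ] || { echo not-elf; return 0; }
    case $data in
        1) etype=$(( $1 + $2 * 256 )) ;;
        2) etype=$(( $1 * 256 + $2 )) ;;
        *) echo not-elf; return 0 ;;
    esac
    case $etype in
        2) echo non-pie-exec ;;          # ET_EXEC: fixed load address
        3) echo position-independent ;;  # ET_DYN: PIE executable or shared object
        *) echo other ;;                 # e.g. ET_REL object files
    esac
}

# audit_pie FILE... -> prints one line per file; returns 1 if any is ET_EXEC
audit_pie() {
    rc=0
    for f in "$@"; do
        kind=$(elf_kind "$f")
        printf '%s: %s\n' "$f" "$kind"
        if [ "$kind" = non-pie-exec ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample input: an 18-byte header prefix (e_ident + e_type), not a
# real binary. Arguments are printf octal escapes: EI_DATA, then e_type bytes.
make_sample() {
    printf '\177ELF\001'"$2"'\001\000\000\000\000\000\000\000\000\000'"$3$4" > "$1"
}

if [ "$#" -gt 0 ]; then audit_pie "$@"; fi
```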


