Jeffrey Walton <noloader@xxxxxxxxx> writes:
> I want hardened executables and shared objects. That includes ASLR,
> which means -fPIE -pie for executables; -fPIC and -shared for shared
> objects. According to the dialog from the GCC feature request, -fPIC and
> -shared should be used as it appears to be a "superset" of -fPIE -pie.
-fPIC is only for libraries. For executables, such as what's created by
configure, you want -fPIE. See, for example, the documentation for how to
deploy hardening flags in Debian (as one of many examples of distributions
doing this that I just happen to be familiar with personally):
http://wiki.debian.org/Hardening/
--
Russ Allbery (rra@xxxxxxxxxxxx) <http://www.eyrie.org/~eagle/>
_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf
