On Wed, Aug 22, 2012 at 12:20 AM, Russ Allbery <rra@xxxxxxxxxxxx> wrote:
> Jeffrey Walton <noloader@xxxxxxxxx> writes:
>
>> I want hardened executables and shared objects. That includes ASLR,
>> which means -fPIE -pie for executables; -fPIC and -shared for shared
>> objects. According to the dialog from the GCC feature request, -fPIC and
>> -shared should be used as it appears to be a "superset" of -fPIE -pie.
>
> -fPIC is only for libraries. For executables, such as what's created by
> configure, you want -fPIE. See, for example, the documentation for how to
> deploy hardening flags in Debian (as one of many examples of distributions
> doing this that I just happen to be familiar with personally):

According to Pinski at GCC, -fPIC can be used for both. Both -fPIC and
-fPIE produce a relocatable section. I know from experience readelf(1)
produces the same result (DYN).

When using -fPIE, the optimizer can begin optimizing sooner. Andrew
Pinski (GCC developer): "With PIE, global variables and functions are
considered to bind local while with PIC they are considered to bind
globally (aka override able)." [1]

Pinski specifically recommended -fPIC because of this situation
(inability to configure executables and shared objects separately when
using the GNU tool chain).

Jeff

[1] Request: Add -aslr switch that invokes -fPIE/-pie or -fPIC/-shared
as appropriate, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52885

_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf