Re: -D/U_FORTIFY_SOURCE, -fstack-protector(-all) and --enable/disable-libssp

Ian,

Many thanks for your comments!


You should not use -D_FORTIFY_SOURCE or -fstack-protector when building
glibc or any target library which is part of gcc.  It's OK to use them
when building gcc itself, as long as the definition doesn't leak through
to any target libraries (e.g., libgcc, libstdc++).

"Leaking" is *exactly* what was happening and is the reason I've had so many problems when building glibc! I disabled all but "-O2" options when building the toolchain and it worked, though I wasn't sure if that was the right course of action. When I build my software I always enforce the above options.

And then there is the issue with building the 'regular' software - should I enable or use these options (or can I, provided that I
compiled my toolchain without them, assuming that I also used
"--disable-libssp" as well?) and if so what of the above options
should I use?

The software I need to build is a mixture of the kernel itself and
regular programs, so I don't know whether to use the above options?
Many thanks in advance for the advice given!

I would not expect -D_FORTIFY_SOURCE to make any difference when
building the kernel, unless the kernel provides some special semantics
for it.  In general it's perfectly reasonable to use -D_FORTIFY_SOURCE
when building an application program.  It will compile the program to
use code which is slightly slower but is less vulnerable to buffer
overflows in some cases.

Noted. That was my gut feeling as well.

I don't know whether you can use -fstack-protector when building the
kernel.  In general it's perfectly reasonable to use when building an
application program.  It will cause the program to use code which is
slightly slower but which detects stack buffer overflows in some cases.

I will try the basic options first and see what happens and if it works as expected then will try and include these extra parameters.

I have just finished a more thorough testing on my toolchain today and am absolutely delighted that it works! The extra "features" present in the compiled executables and library files ("unknown capabilities") as given by "file" do not have any effect it seems, though I read somewhere that it is to do with the floating-point emulation (hw/sw).

My real work starts now to try and build my software image for the new architecture and that will be a fairly long process, which I hope will be a success. Many thanks for your input so far!!!

MZ
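
Added example, not part of the original message: one way to check whether -fstack-protector or -D_FORTIFY_SOURCE has leaked into a target library is to look for the runtime symbols those options reference in the output of nm. The function names, the NM variable and the sample listings are assumptions made for this sketch; the sample listings are constructed.

```shell
#!/bin/sh
# Report hardening markers from `nm -u` style lines read on stdin.
# -fstack-protector references __stack_chk_fail (and __stack_chk_guard on
# some targets); _FORTIFY_SOURCE references glibc's __*_chk wrappers.
hardening_from_symbols() {
    awk '
        $1 == "U" {
            sym = $2
            sub(/@.*/, "", sym)               # drop @GLIBC_x.y version suffix
            if (sym ~ /^__stack_chk_(fail|guard)/) ssp = 1
            else if (sym ~ /^__[a-z0-9_]+_chk$/) fortify = 1
        }
        END {
            printf "ssp=%s fortify=%s\n", (ssp ? "yes" : "no"), (fortify ? "yes" : "no")
        }
    '
}

# Hypothetical wrapper for a real file; set NM to the cross nm of the
# toolchain under test (placeholder name), e.g. NM=<target>-nm.
check_object() {
    "${NM:-nm}" -u "$1" 2>/dev/null | hardening_from_symbols
}

# Constructed sample: an application built with both options.
sample_hardened() { cat <<'EOF'
                 U __memcpy_chk@GLIBC_2.3.4
                 U __stack_chk_fail@GLIBC_2.4
                 U puts@GLIBC_2.2.5
EOF
}

# Constructed sample: an object built with plain -O2.
sample_plain() { cat <<'EOF'
                 U memcpy@GLIBC_2.14
                 U puts@GLIBC_2.2.5
0000000000001139 T main
EOF
}

# Print results only when run as a script with an argument.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(check_object "$f")"; done
fi
```

A "no" result only means no such symbol is referenced: code with no eligible buffers or calls produces none even when the options were passed.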
