On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
> On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> > > The -static overrides the -pie and binaries aren't position independent
> > > anymore. Use -static-pie instead which would produce a static and
> > > position independent binary. This has been caught by clang's warnings:
> > >
> > > clang: warning: argument unused during compilation: '-pie'
> > > [-Wunused-command-line-argument]
> > >
> > > Tested with both gcc and clang after this change.
> > >
> > > Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> > > Signed-off-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
> >
> > Thanks for this!
> >
> > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> >
> > --
> > Kees Cook
>
> GCC versions before 8.1 do not support -static-pie,
> while https://www.kernel.org/doc/html/next/process/changes.html says
> the minimal version is GCC 5.1.
> Is this a problem?
>
> If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
> (PIC), using -static-pie looks good to me.
Should we use this alternative, which may be more portable?
https://lore.kernel.org/all/20240504022301.35250-1-jhubbard@xxxxxxxxxx/
-Kees
--
Kees Cook
