Hi!

On Sun, 2016-05-22 at 10:41:56 +0200, Christian Seiler wrote:
[… useful overview …]

I've tried to condense this and the other message on the other thread to extend the dpkg-buildflags(1) man page. Attached the patch I'm intending to apply. Let me know if you have other suggestions, improvements, wording tweaks, etc.

Thanks,
Guillem
From d3a6f97736bade62a8945f91c22593f22f3e2ae4 Mon Sep 17 00:00:00 2001 From: Guillem Jover <guil...@debian.org> Date: Sun, 22 May 2016 19:20:04 +0200 Subject: [PATCH] man: Document interaction between PIE and libraries Prompted-by: Christian Seiler <christ...@iwakd.de> --- man/dpkg-buildflags.1 | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1 index ac2489e..47b77d8 100644 --- a/man/dpkg-buildflags.1 +++ b/man/dpkg-buildflags.1 
@@ -362,6 +362,36 @@ locations to bounce off of during a memory corruption attack. This is not compatible with \fB\-fPIC\fP so care must be taken when building shared objects. +Static libraries can be used by programs or other shared libraries. +Depending on the flags used to compile all the objects within a static +library, these libraries will be usable by different sets of objects: + +.RS +.TP +none +Cannot be linked into a PIE program, nor a shared library. +.TP +.B \-fPIE +Can be linked into any program, but not a shared library. +.TP +.B \-fPIC +Can be linked into any program and shared library. +The resulting program might be slightly slower and bigger in case +\fBbindnow\fP is not in use. +.RE + +.IP +Unconditionally passing \fB\-fPIE\fP, \fB\-fpie\fP or \fB\-pie\fP to a +build-system using libtool is safe as these flags will get stripped when +building shared libraries. +Otherwise on projects that build both programs and shared libraries you +might need to make sure that when building the shared libraries \fB\-fPIC\fP +is always passed last (so that it overrides any previous \fB\-PIE\fP) to +compilation flags such as \fBCFLAGS\fP, and \fB\-shared\fP is passed last +(so that it overrides any previous \fB\-pie\fP) to linking flags such as +\fBLDFLAGS\fP. + +.IP Additionally, since PIE is implemented via a general register, some register starved architectures (but not including i386 anymore since optimizations implemented in gcc >= 5) can see performance losses of up to -- 2.8.1
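Review bot: In the added paragraph about libtool, the parenthetical "(so that it overrides any previous \fB\-PIE\fP)" names a flag that does not exist. The compile-time flag used everywhere else in the hunk is \fB\-fPIE\fP, so this should read "any previous \fB\-fPIE\fP", and it could mention \fB\-fpie\fP as well, since the paragraph opens by listing both spellings. Two smaller points: the "none" tag in the .TP list is the only one not set with .B, so it renders differently from the \-fPIE and \-fPIC entries, and because it is not a flag, a phrase such as "no PIE or PIC flags" would be clearer to a reader skimming the list; and "build-system" is normally written "build system".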