On Mon, Apr 28, 2008 at 12:35:51PM -0700, Kees Cook wrote:
> Hi Jörg,
>
> On Mon, Apr 28, 2008 at 06:43:36PM +0200, Jörg Sommer wrote:
> > gcc -g -O2 -Wall -g -O2 -fPIC -fPIE -fstack-protector -Wformat=2 -Wextra \
> > -D_FORTIFY_SOURCE=2 -Wl,-zrelro,-pie conftest.c
> >
> > but this fails on i386 and amd64.
> >
> > /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.2.3/../../../../lib64/crt1.o:
> > relocation R_X86_64_32S against `__libc_csu_fini' can not be used when
> > making a shared object; recompile with -fPIC
> > /usr/lib/gcc/x86_64-linux-gnu/4.2.3/../../../../lib64/crt1.o: could not
> > read symbols: Bad value
> >
> > Can someone of you help me? The build also fails on Sparc, but I don't
> > have the config.log to tell why. I expect it's the same reason.
>
> hardening-wrapper isn't setting "-Wl,-zrelro,-pie" ... that command-line
> is wrong.
>
> First, for relro, it should be "-Wl,-z,relro". "-pie" needs to be
> specified on the gcc command-line, not the linker command-line, since gcc
> is responsible for choosing the crt, etc. Do you know what the origin
> of the -Wl addition is?

He has LD_FLAGS set to -Wl,-zrelro,-pie

> This, for example, works:
> gcc -g -O2 -Wall -g -O2 -fPIC -fPIE -pie -fstack-protector -Wformat=2 \
> -Wextra -D_FORTIFY_SOURCE=2 -Wl,-z,relro -o hello hello.c

That seems to work for me.

> Note, AFAIK, -fPIC and -fPIE is redundant: -fPIE is a subset of -fPIC.

They're similar, but I don't think one is the subset of the other.
Anyway, -fPIC isn't something you need, it's to make a shared library.

Kurt
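
Added example (not part of the original thread and not hardening-wrapper code): a way to confirm that a binary linked with -pie and -Wl,-z,relro really carries both properties, by reading the ELF header type and looking for a PT_GNU_RELRO program header. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
PT_GNU_RELRO = 0x6474E552       # program header emitted when linking with -z relro

def check_hardening(elf: bytes) -> dict:
    """Report PIE and RELRO status from raw little-endian ELF32/ELF64 bytes."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[5] != 1:
        raise ValueError("only little-endian ELF is handled in this example")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    if elf[4] == 2:   # ELFCLASS64
        e_phoff = struct.unpack_from("<Q", elf, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    else:             # ELFCLASS32
        e_phoff = struct.unpack_from("<I", elf, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    # p_type is the first 32-bit field of every program header in both classes.
    p_types = [struct.unpack_from("<I", elf, e_phoff + i * e_phentsize)[0]
               for i in range(e_phnum)]
    # ET_DYN is also used by shared libraries, so "pie" is only meaningful
    # for files that are meant to be executed.
    return {"pie": e_type == ET_DYN, "relro": PT_GNU_RELRO in p_types}

def make_elf64(e_type: int, p_types: list) -> bytes:
    """Constructed sample: ELF64 header plus bare program headers (not runnable)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, check_hardening(fh.read()))
    else:
        print("hardened sample:", check_hardening(make_elf64(ET_DYN, [1, PT_GNU_RELRO])))
        print("plain sample:   ", check_hardening(make_elf64(ET_EXEC, [1])))
```

Passing the path of a built binary as an argument checks that file instead of the constructed samples. The RELRO result only reflects the presence of the segment that -z relro produces; it does not look at immediate binding.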