Hi. On Sat, 15 Apr 2017 14:39:49 +0000 (UTC) Neoklis Kyriazis <nkcy...@yahoo.com> wrote:
> > >They patched gcc to produce PIE by default - and that's one of Debian > >stretch release goals. See: > > > >https://wiki.debian.org/Hardening/PIEByDefaultTransition > > > Ah thanks! New to Debian so I was not aware of this. My problem though > is that filers like ROX and pcmanfm do not start PIE executables by > clicking on them because they are seen as shared objects. Yes, that's known problem. I recall seeing some heated discussions about it, but cannot find the links (was it PIE for Mozilla's built Firefox? - my memory fails me). The current consensus for graphical file managers on this seems to be 'yes, PIE executables are broken in this regard, but developer should provide a .desktop file anyway'. Not that I agree with such approach (on graphical file managers, PIE is ok idea), but they took it. > Anyhow, I expect there are now recommended CFLAGS for gcc when compiling > binaries for Debian, right? For 3 last major releases at least. Run 'dpkg-buildflags --get CFLAGS' to see them. And don't forget 'dpkg-buildflags --get LDFLAGS' for the linker. Please note then one's using so called 'sane' build system (autotools, cmake, etc) - the debhelper usually takes care of recommended CFLAGS and LDFLAGS by itself. Reco
