On Thu, 2015-03-12 at 10:41 -0400, Adam Jackson wrote:

> We may want to revisit this, honestly.  The actual proposal was just to
> build executables as PIE, right?  Forcing -z now is a bit more than
> maybe was expected.

I've reopened the ticket and added a patch:

https://fedorahosted.org/fesco/ticket/1384#comment:13

Basically this changes things so executables are always PIE and -z now,
and that _hardened_build is back to 0 by default.  Changing it to 1 just
adds -z now to shared libs as well.  As a result, most packages that set
it to 0 in response to the F23 change can probably go back to not
overriding it.

One other change I might like to sneak in there is linking PIEs with -z
nodlopen by default.  It's a thing that _can_ work, but it really
requires that the executable be designed with it in mind which most
aren't.  It'd be nice not to expose ABIs we don't mean to.

- ajax

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
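
An added example, not part of the original post and not Fedora or binutils code: a small checker for the three link-time properties discussed above (PIE, `-z now`, `-z nodlopen`), read from the ELF header and the dynamic section. It assumes little-endian ELF64 only; `hardening` and `sample_elf` are hypothetical names, and the sample image is constructed for the example.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_INTERP = 3, 2, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW = 0x8                                    # bit in DT_FLAGS
DF_1_NOW, DF_1_NOOPEN, DF_1_PIE = 0x1, 0x40, 0x08000000  # bits in DT_FLAGS_1

def hardening(elf: bytes) -> dict:
    """Report PIE / -z now / -z nodlopen for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    tags, has_interp = {}, False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        if p_type != PT_DYNAMIC:
            continue
        # Walk the Elf64_Dyn entries (16 bytes each) until DT_NULL.
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            tags[tag] = val
    flags, flags1 = tags.get(DT_FLAGS, 0), tags.get(DT_FLAGS_1, 0)
    return {
        # Heuristic: PIEs and shared libs are both ET_DYN; older linkers do
        # not set DF_1_PIE, so a PT_INTERP segment is accepted as a hint too.
        "pie": e_type == ET_DYN and (has_interp or bool(flags1 & DF_1_PIE)),
        "bind_now": DT_BIND_NOW in tags or bool(flags & DF_BIND_NOW)
                    or bool(flags1 & DF_1_NOW),
        "nodlopen": bool(flags1 & DF_1_NOOPEN),
    }

def sample_elf(flags=0, flags1=0) -> bytes:
    """Constructed minimal image: ELF header, one PT_DYNAMIC segment, dyn table."""
    dyn = struct.pack("<qQqQqQ", DT_FLAGS, flags, DT_FLAGS_1, flags1, DT_NULL, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120,
                       len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn
```

To check a real binary, pass its contents, for example `hardening(open(path, "rb").read())`.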
