Luis Ressel <ara...@aixah.de> wrote:
> Martin Vaeth <mar...@mvath.de> wrote:
>
>> For instance, you cannot even compile the kernel without special
>> patches (which disable pie) if you use a gcc which default-enables
>> pie.
>
> Now I'm curious. Wouldn't that also affect the hardened gcc?
I would guess so, but I did not try: I haven't used hardened gcc for
years, because

(a) I had to switch profiles too often because of forced pie, which
    (some years ago) used to break compilation for almost every second
    package.

(b) -fstack-protector-all slowed down my system too much, especially
    since the security improvement over -fstack-protector-strong (or,
    with older gcc versions, -fstack-protector) is rather negligible.

> I've never had any issues compiling vanilla-sources

The experience I reported was with the first non-beta versions of
gcc-6[pie] from the hardened overlay and several (at that time current)
versions of hardened-sources.

I retried now with gcc-7.1.0-r1[pie] and current gentoo-sources, and it
turned out that the issue no longer exists. I do not know whether the
reason is the change from hardened-sources to gentoo-sources, an
upstream kernel fix, or a fix in the pie support of gcc (compared to the
first gcc-6 versions).
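Both compiler behaviours the reply turns on can be checked empirically rather than by guessing from the profile. The script below is an added example, not code from this thread, from Gentoo or from the kernel: it links a trivial program with no PIE-related flags and reads the ELF e_type to see whether the compiler is a default-PIE one, shows the explicit -fno-PIE/-no-pie override that a kernel-style build relies on (the upstream kernel Makefile nowadays adds -fno-PIE to KBUILD_CFLAGS itself), and compiles two constructed one-function sources to show which of them receive a stack canary under -fstack-protector-all versus -fstack-protector-strong. It assumes a gcc-compatible compiler in $CC (gcc 6 or newer, since -no-pie was added there), plus mktemp, od and grep; all function and variable names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: probe the compiler for the two
# behaviours discussed above, default PIE and stack-protector coverage.
# Assumptions: a gcc-compatible compiler in $CC (gcc >= 6 for -no-pie),
# plus mktemp, od and grep from a normal POSIX userland.
CC=${CC:-gcc}

# Print the ELF e_type of a file: 2 = ET_EXEC (fixed load address),
# 3 = ET_DYN (PIE executable or shared object). The header is read with
# od so that readelf/objdump are not required; byte 5 (EI_DATA) tells us
# which byte of the two-byte e_type field at offset 16 is the low one.
elf_type() {
    if [ "$(od -An -tu1 -j5 -N1 "$1" | tr -d ' ')" = 2 ]; then
        off=17   # big-endian: low byte second
    else
        off=16   # little-endian: low byte first
    fi
    od -An -tu1 -j"$off" -N1 "$1" | tr -d ' '
}

# Build a trivial program with the given flags and print "pie" or "exec"
# according to the resulting ELF type. Returns 2 if the build fails.
link_kind() {
    tmp=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$tmp/t.c"
    if ! "$CC" "$@" -o "$tmp/t" "$tmp/t.c" 2>/dev/null; then
        rm -rf "$tmp"
        return 2
    fi
    et=$(elf_type "$tmp/t")
    rm -rf "$tmp"
    case "$et" in
        3) echo pie ;;
        2) echo exec ;;
        *) return 2 ;;
    esac
}

# "yes" if $CC produces a PIE when no PIE-related flag is given at all,
# i.e. if it was configured with --enable-default-pie or a spec forcing it.
cc_defaults_to_pie() {
    case "$(link_kind)" in
        pie)  echo yes ;;
        exec) echo no ;;
        *)    return 2 ;;
    esac
}

# The override a kernel-style build applies: no PIE code generation and no
# PIE link, so the result is ET_EXEC whatever the compiler's default is.
link_kind_no_pie() { link_kind -fno-PIE -no-pie; }

# Compile a one-function C source with the given flags and print "canary"
# if the compiler inserted a stack-protector check, "none" otherwise.
canary_for() {
    src=$1
    shift
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$src" > "$tmp/f.c"
    if ! "$CC" -O2 "$@" -S -o "$tmp/f.s" "$tmp/f.c" 2>/dev/null; then
        rm -rf "$tmp"
        return 2
    fi
    if grep -q __stack_chk_fail "$tmp/f.s"; then res=canary; else res=none; fi
    rm -rf "$tmp"
    echo "$res"
}

# Constructed inputs: a function with no buffer at all, which only
# -fstack-protector-all instruments, and one whose char array escapes,
# which -fstack-protector-strong (and plain -fstack-protector) instrument.
NO_ARRAY='int add(int a, int b) { return a + b; }'
CHAR_ARRAY='void use(char *); void fill(void) { char buf[16]; use(buf); }'

if [ "${1:-}" = "--report" ]; then
    echo "default PIE:            $(cc_defaults_to_pie)"
    echo "with -fno-PIE -no-pie:  $(link_kind_no_pie)"
    echo "add() under -all:       $(canary_for "$NO_ARRAY" -fstack-protector-all)"
    echo "add() under -strong:    $(canary_for "$NO_ARRAY" -fstack-protector-strong)"
    echo "fill() under -strong:   $(canary_for "$CHAR_ARRAY" -fstack-protector-strong)"
fi
```

Run it as `sh probe.sh --report`. On a default-PIE toolchain the first line prints "yes" while the second still prints "exec", which is exactly why the kernel can be built there once -fno-PIE is passed. The last three lines are the cost/benefit trade-off from point (b) in miniature: -all instruments even add(), a leaf function with nothing on its stack to overflow, whereas -strong instruments only functions that actually hold an array or take the address of a local.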