On 06/17/2016 05:38 AM, Andre McCurdy wrote:
 SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} 
${SECURITY_STRINGFORMAT}"
-SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} 
${SECURITY_STRINGFORMAT}"
+SECURITY_NO_PIE_CFLAGS ?= "-fPIC -fstack-protector-strong ${lcl_maybe_fortify} 
${SECURITY_STRINGFORMAT}"
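
Review bot: the -fPIC added to SECURITY_NO_PIE_CFLAGS is not paired with -pie, which only SECURITY_CFLAGS carries. Recipes using this variable therefore still link a fixed-address executable and gain no hardening from the position-independent object code. I would drop -fPIC from this line and shrink the set of recipes that need the NO_PIE variant instead.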

I don't think this does anything useful. An executable won't be
position independent unless -pie is passed to the linker, so if
linking with -pie doesn't work, forcing all object code to be position
independent is just adding overhead with no benefit.

That's right; there is no security benefit in -fPIC alone.
Sorry for not researching this fully.

I have however disabled NO_PIE for all recipes that use it, and then re-enabled it for those that started to fail. This uncovered a few recipes where NO_PIE is no longer needed - at least on x86_64. Patch is coming :)


Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
