[email protected] (Jérémie Courrèges-Anglas) writes: > Stuart Henderson <[email protected]> writes:
[...] >> This tries to force PIE, which I suspect will result in broken binaries >> on arm/hppa. I think it's probably better to remove this as we enable >> PIE by default where possible, but comments from others on this would >> be welcome. Other than that it looks good to me. > > Ah, nice catch. Thinking about it, the default --enable-hardening > parameter doesn't seem to help much, does it? > > * -fno-strict-overflow - on by default with -O2 > * -D_FORTIFY_SOURCE=2 - no-op afaik > * SSP - on by default > * PIE - on by default, where applicable > > No idea about these and their usefulness on OpenBSD: > > * ld -z,relro > * ld -z,now [...] I asked for advice[1] on the tech@ mailing-list; -z relro is a no-op, and -z now doesn't bring anything to mosh. OK to import, with the following modification? [1] http://marc.info/?l=openbsd-tech&m=136597510228697&w=2 -- Jérémie Courrèges-Anglas PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494 --- Makefile.old Mon Apr 15 00:03:31 2013 +++ Makefile Mon Apr 15 00:02:58 2013 @@ -24,6 +24,7 @@ SEPARATE_BUILD = Yes CONFIGURE_STYLE = gnu +CONFIGURE_ARGS = --disable-hardening CONFIGURE_ENV = ac_cv_have_decl_htobe64=yes # upstream says 1.3 will ship with tests
