Hi,

We noticed that PIE and immediate binding aren’t enabled for vpp:

/usr/bin/vpp:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no, not found!

In the wiki page https://wiki.fd.io/view/VPP/Build_System_Deep_Dive, I see at 
least PIE should be enabled:

vpp_TAG_CFLAGS = -g -O2 -DFORTIFY_SOURCE=2 -march=$(MARCH) \
                -fstack-protector -fPIC -pie
vpp_TAG_LDFLAGS = -g -O2 -DFORTIFY_SOURCE=2 -march=$(MARCH) \
                -fstack-protector -fPIC -pie

But in the repository, it’s not even included in the initial commit in 2015.

Should we enable those hardening options? If so, is vpp.mk the right place to 
add them?

Thanks,
Jin
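
An added example, not part of the original message or of the VPP tree: a Python reader for the two properties the report above flags as missing, taken directly from the ELF headers. The PIE heuristic (ET_DYN plus a PT_INTERP segment), the helper names and the two constructed sample images are assumptions of this example; only little-endian ELF64 is handled.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_elf(data):
    """Return {'pie': bool, 'bind_now': bool} for a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    interp, bind_now = False, False
    for i in range(e_phnum):
        # First six program-header fields: type, flags, offset, vaddr, paddr, filesz
        p_type, _fl, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            interp = True
        elif p_type == PT_DYNAMIC:
            # Walk the 16-byte (tag, value) dynamic entries until DT_NULL
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<QQ", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # Assumption: an ET_DYN object that requests an interpreter is a PIE
    return {"pie": e_type == ET_DYN and interp, "bind_now": bind_now}

def make_elf(e_type, dyn):
    """Constructed minimal ELF64 image: file header, two phdrs, dynamic section."""
    dyn_bytes = b"".join(struct.pack("<QQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    dyn_off, n = 64 + 2 * 56, len(dyn_bytes)
    phdrs = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    phdrs += struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, 0, 0, n, n, 8)
    return ehdr + phdrs + dyn_bytes

# Constructed samples: one shaped like the report above, one fully hardened
VPP_LIKE = make_elf(ET_EXEC, [(DT_FLAGS, 0)])
HARDENED = make_elf(ET_DYN, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])

if __name__ == "__main__":
    print("vpp-like:", check_elf(VPP_LIKE))
    print("hardened:", check_elf(HARDENED))
```

Linking with -pie and -Wl,-z,now is what normally produces the ET_DYN type and the BIND_NOW entries this looks for; on a real system, pass the bytes of the installed binary to check_elf() instead of the constructed images.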
