stupid newbie question
robert at linuxfromscratch.org
Sat Jul 23 10:21:03 PDT 2005
On July 23, 2005 07:27 am, Jaap Struyk wrote:
> I'am going to "melt" my server and freevo box together and decided to go
> for an Hlfs build this time.
> Building went fine but some question remains:
> I added -fstack-protector-all -pie -fpie as CCFLAGS to my .bashrc so it
> will be used every build.
> Is this stupid?
You don't need to add them to CFLAGS because there is a script in the book to
add them to gcc's default flags. Also, adding -fstack-protector-all to CFLAGS
would be a problem with glibc, and adding -fpie to CFLAGS will miscompile
every library. So, don't do that, and use the script in the book.
> Another thing, do I need grsecurity/pax in the kernel?
You don't have to. You can use other patches, or vanilla, if you want. The
grsecurity patch has a lot of nice optional features that don't reduce
performance much, so I'm not sure why you wouldn't want to use it.
More information about the hlfs-dev