stupid newbie question

Robert Connolly robert at
Sat Jul 23 10:21:03 PDT 2005

On July 23, 2005 07:27 am, Jaap Struyk wrote:
> Hello,
> I'am going to "melt" my server and freevo box together and decided to go
> for an Hlfs build this time.
> Building went fine but some question remains:
> I added -fstack-protector-all -pie -fpie as CCFLAGS to my .bashrc so it
> will be used every build.
> Is this stupid?

You don't need to add them to CFLAGS because there is a script in the book to 
add them to gcc's default flags. Also, adding -fstack-protector-all to CFLAGS 
would be a problem with glibc, and adding -fpie to CFLAGS will miscompile 
every library. So, don't do that, and use the script in the book.

> Another thing, do I need grsecurity/pax in the kernel?

You don't have to. You can use other patches, or vanilla, if you want. The 
grsecurity patch has a lot of nice optional features that don't reduce 
performance much, so I'm not sure why you wouldn't want to use it.


More information about the hlfs-dev mailing list