Why -pie patch?
robert at linuxfromscratch.org
Tue Jul 11 11:28:57 PDT 2006
-fpie isn't used in the gcc specs, -fpic is. The gcc man page says -fpie and
-pie are intended to be used together, that's why the book is the way it is.
Programs perform better with -fpie than with -fpic, but -fpie can't be used
on code that will be part of a library (including package's private static
libraries). -fpie allows better optimizations to be taken advantage of.
I'm planning to clean this up a bit. -pie doesn't need to be in cflags, just
ldflags. And the specs shouldn't pass -fpic when -fpie is used; specs should
preserve vanilla behavior when -fpie or -fpic or -pie are in
command_line/cflags/ldflags. Some packages should get -fPIE while other
should get -fpie, depending on the package and the hardware platform. Fedora
has much of this figured out for me, although not with many packages.
I also want to make the specs modifications optional, so each package can be
built with the compile options you choose.
On July 11, 2006 02:51 am, Aki Tuomi wrote:
> (Sorry for double-post if such should happen, odd mailing problem)
> I was wondering why does the book instruct to patch makefiles to use
> -pie -fpie flags when they are used by default when using hardened
> Aki Tuomi
More information about the hlfs-dev