0.3 textrel

goodoldmarty at gmail.com
Tue Dec 25 04:56:14 PST 2007

>> The fpie, fstack-protector, and fortify_source patches are split up and don't
>> depend on each other, so you can choose whichever ones you want. There isn't
>> another practical way to do it.

> My practice is generally to replace those commands with some unique
> text-statement such as "REPLACE_ME_WITH_PIE"
> then have the user building the system run a sed expression to either
> add the -fpie or replace that with an empty statement:
> sed -i -e 's|REPLACE_ME_WITH_PIE|-fpie|g' some_file.c
> or
> sed -i -e 's|REPLACE_ME_WITH_PIE||g' some_file.c
> And then this means you ideally never have to update the patch on
> changes in how the -fpie option is added.
> This puts the changes in builder-space.

Ouch... environment strings won't work better?
I cross compile for multiple arch and may not even want a toolchain on
the target. I must set a lot of specs besides fpie, etc.
The GCC guys know what they are doing. Arbitrary configuration is
necessary. Hardening is fine, but installing a (possibly broken) patch to
a perfectly good compiler is not educational, or logical, and it should
be illegal ;)

Marty B.

--
Putting Microsoft in a computer is like putting screen doors in a
submarine. Hopeless.

More information about the hlfs-dev mailing list