0.3 textrel

goodoldmarty at gmail.com
Tue Dec 25 04:56:14 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>
>> The fpie, fstack-protector, and fortify_source patches are split up and don't
>> depend on each other, so you can choose whichever ones you want. There isn't
>> another practical way to do it.
>>

> My practice is generally to replace those commands with some unique
> text-statement such as "REPLACE_ME_WITH_PIE"
> then have the user building the system run a sed expression to either
> add the -fpie or replace that with an empty statement:
> sed -i -e 's|REPLACE_ME_WITH_PIE|-fpie|g' some_file.c
> or
> sed -i -e 's|REPLACE_ME_WITH_PIE||g' some_file.c
> 
> And then this means you ideally never have to update the patch on
> changes in how the -fpie option is added.
> This puts the changes in builder-space.

Ouch... environment strings won't work better?
I cross compile for multiple arch and may not even want a toolchain on
the target. I must set a lot of specs besides fpie, etc.
The GCC guys know what they are doing. Arbitrary configuration is
necessary. Hardening is fine, but installing a (possibly broken) patch to
a perfectly good compiler is not educational, or logical, and it should
be illegal ;)


Marty B.





- --
Putting Microsoft in a computer is like putting screen doors in a
submarine. Hopeless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFHcP3uodd/GHZYnVQRAmsaAKCtrJPw42EO2VLK0fTkJciR2OSnBQCgx3BX
Q9TRXJm3QHYfeCGU7o22LgM=
=ATSy
-----END PGP SIGNATURE-----
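
The placeholder substitution from the quoted reply, with the flag taken from the environment as the response suggests, as an added example that is not part of the original message. `PIE_FLAG`, the function names and the sample Makefile line are assumptions, as is the idea that other patches would use the same `REPLACE_ME_` prefix.

```shell
#!/bin/sh
# Added example: resolve the REPLACE_ME_WITH_PIE placeholder at build time.
# PIE_FLAG is a hypothetical environment variable; unset or empty means "no PIE".

# resolve_pie FILE: substitute the placeholder in FILE with $PIE_FLAG.
# Returns 2 for a flag outside the allow-list, 3 if a placeholder survives.
resolve_pie() {
    file=$1
    flag=${PIE_FLAG-}
    # Allow-list the value: it is pasted into a sed expression, so arbitrary
    # environment content must never reach it.
    case $flag in
        ''|-fpie|-fPIE) ;;
        *) echo "resolve_pie: refusing flag '$flag'" >&2; return 2 ;;
    esac
    # Write to a temp file instead of 'sed -i', whose syntax differs between
    # GNU and BSD sed (relevant on cross-compile hosts).
    sed -e "s|REPLACE_ME_WITH_PIE|$flag|g" "$file" > "$file.tmp" || return 1
    mv "$file.tmp" "$file" || return 1
    # A literal token left in the file would reach the compiler command line,
    # so treat any surviving REPLACE_ME_ marker as a hard failure.
    if grep -q 'REPLACE_ME_' "$file"; then
        echo "resolve_pie: unresolved placeholder in $file" >&2
        return 3
    fi
}

# demo FLAG: run resolve_pie over a constructed one-line sample and print it.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'CFLAGS = -O2 REPLACE_ME_WITH_PIE -Wall\n' > "$tmp/Makefile.sample"
    rc=0
    ( PIE_FLAG=$1; resolve_pie "$tmp/Makefile.sample" ) \
        && cat "$tmp/Makefile.sample" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo -fpie
```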



More information about the hlfs-dev mailing list