Date: Mon, 7 Nov 2011 00:29:04 +0400 From: Solar Designer <solar@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: %optflags for new gcc On Sat, Nov 05, 2011 at 08:13:58PM +0400, Dmitry V. Levin wrote: > In Sisyphus, I changed gcc LINK_COMMAND_SPEC to pass -z relro to the > linker by default. That was more than 3 years ago. Don't you think this would be better done in binutils, such as to take care of packages that invoke ld directly? > In Sisyphus, I changed gcc spec to use -D_FORTIFY_SOURCE=2 and > -fstack-protector by default. That was more than 5 years ago. > There were some workarounds made in several packages, but > I don't remember any details. Wow. I did not realize you had made those changes in Sisyphus. I guess -D_FORTIFY_SOURCE=2 and -fstack-protector would cause issues when building kernel modules. Did ALT Linux receive (m)any problem reports from users trying to build additional kernel modules, such as hardware vendors'? How do you recommend we deal with this? I just took a look at http://sisyphus.ru/en/srpm/Sisyphus/gcc4.5/patches The patches to consider in this context appear to be: gcc44-alt-escalate-always-overflow.patch gcc45-alt-defaults-relro.patch gcc45-alt-defaults-stack-protector.patch gcc43-alt-spp-buffer-size.patch gcc43-alt-defaults-FORTIFY_SOURCE.patch gcc45-deb-alt-defaults-format-security.patch gcc45-deb-alt-testsuite-printf.patch gcc45-deb-alt-testsuite-format.patch Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.