On Wed, 23 Nov 2016 at 02:30:24 +0100, Guillem Jover wrote:
> And although this got enabled by default in gcc-6 6.2.0-7 when PIE
> also got enabled, it seems it got disabled in 6.2.0-10 when I pointed
> out that enabling bindnow in gcc w/o enabling relro too didn't seem to
> make much sense, but then I didn't notice any rationale for the
> reversion, instead of say enabling relro too.
My understanding had been that the gcc maintainer prefers to have
"hardening" flags for packages (as opposed to non-packaged user code) set
via dpkg-buildflags rather than via compiler defaults, but PIE was
special-cased because there is no easy single option that can be added to
all gcc invocations to enable it: it is necessary to either

* rely on the build system understanding and special-casing PIC/PIE by
  filtering out contradictory options, as libtool does (but most other
  build systems do not) - this is how Autotools packages like dbus were
  able to opt-in to PIE in jessie without breaking

* add a specs file that is sensitive to other command line options, as
  dpkg now does

* set the PIE default with a low level of precedence in the compiler
  itself, so that any command-line option that it is given overrides that
  default

(I'm not entirely sure why we consider hardening packaged code to be so
much more important than hardening the locally-built code compiled by our
users, which changed compiler defaults like those in Ubuntu would also
give us.)

    S