On Thu, 24 Nov 2011 08:59:32 +0100 pancake wrote: > > Why --disable-pie? I think this is main security issue here. And its > even more dangerous because its used on static bins. >
I played a bit with build system of Bifrost. Shell script (mostly grep) "B-configure-1" is used to pass building options and so on. It first checks "./configure --help" for supported options and then depending what is available specific options are passed. So if "--disable-pie" isn't found in "./configure --help" this option isn't passed. I'm not sure which tools support "--disable-pie", but I won't be surprised if number is pretty low. AFAIK "--disable-pie" is used for Quagga, which have problems with static linking otherwise. > > Looks like an interesting project. I would like to see support for > other static libcs. In fact you should be able to use bins against > bionic or againsg uclibc in the same system. > Some tools are linked against dietlibc, for example check "all/ipmask-1" in bifrost-build system (I provided link to github page earlier). Currently Bifrost build system in using chroot images provides by uClibc project, which are based on old version (year 2009) of Aboriginal Linux [1] I think. It seems that newer chroot images provides by Aboriginal can be used also - at least I created some "packages" (some required adding flag "--allow-multiple-definition" to LDFLAGS, because there is a bug in static version of pthread provided by uClibc). Using chroot image make sense, because you don't wanna mess up production version with libraries and headers. Other solution would be probably cross-compiling, but with GCC it's a hell. I think that Aboriginal Linux could be modified to use bionic or musl libc instead of uClibc. This would provide good solution for building binaries against bionic/musl. There are even chroot images provided by Gentoo-Bionic [2] project, but I didn't play with them yet. As for other informations regarding Bifrost Linux, wiki [3] was created. [1] http://www.landley.net/aboriginal/ [2] http://code.google.com/p/gentoo-bionic/ [3] https://wiki.ict.kth.se/bifrost/
