On Tue, Oct 25, 2011 at 1:59 AM, Ryan Hill <[email protected]> wrote:
> On Mon, 24 Oct 2011 13:26:01 +0200
> "Paweł Hajdan, Jr." <[email protected]> wrote:
>> Is it possible to just pass flags to GCC: disable all this hardened
>> stuff? I know you can disable stack protector, but how about PIE or PIC,
>> and possible other hardening features?
>
> You might be able to use the GCC_SPECS env var.
>
> Personally I think this is a lot of work for not much benefit, but if you
> want to do it then who am I to argue.

Wouldn't the potential benefit be allowing more hardened flags to
go into the default specs so that everybody benefits, but then
allowing individual packages to turn them off for compatibility
reasons?  This would be not unlike what we do with filter-flags for
packages that are finicky about optimizations.

I'm not suggesting putting flags that break 90% of packages in the
defaults.  However, right now in the discussion about moving some
hardened features to default the sense is that we sacrifice hardening
for the sake of package selection, so a flag that breaks 5% of the
packages in the tree wouldn't be a good one to enable.  However,
setting the specs per-package would let you be a little more
aggressive since fixing a few odd ebuilds isn't a big deal, as long as
the settings don't cause trouble if not enabled system-wide.

Rich
