On Friday 17 December 2010 14:55:03 Thomas Kahle wrote: > On 14:22 Fri 17 Dec , Christopher Schwan wrote: > > Mpir's configure scripts looks like its adding "-Wl,-z,noexecstack" if it > > detects a gcc+x86/amd64 configuration - so I guess noexecstack should > > work out of the box. If it does not I would consider this as broken. > > Yes, I saw that. The configure method fails directly, it just does *not* > add the ldflag (at least when configure is run by portage). > > I also tried to add "-Wl,-z,noexecstack" via append-ldflags, and it is > indeed appended as visible in the compile output, but the exec stacks > are still there and the QA warning comes up, so I guess we can consider > this broken and stick with your solution of patching the asm (which sill > works fine)
Did you read http://www.gentoo.org/proj/en/hardened/gnu-stack.xml ? The document proposes a slightly different approach for assembler files: append-flags -Wa,--noexecstack Which tells the assembler to use --nostack (instead of telling the linker to use -z,noexecstack). > > Cheers, > Thomas Cheers, Christopher
