On 15:16 Fri 17 Dec , Christopher Schwan wrote: > On Friday 17 December 2010 14:55:03 Thomas Kahle wrote: > > On 14:22 Fri 17 Dec , Christopher Schwan wrote: > > > Mpir's configure scripts looks like its adding "-Wl,-z,noexecstack" if it > > > detects a gcc+x86/amd64 configuration - so I guess noexecstack should > > > work out of the box. If it does not I would consider this as broken. > > > > Yes, I saw that. The configure method fails directly, it just does *not* > > add the ldflag (at least when configure is run by portage). > > > > I also tried to add "-Wl,-z,noexecstack" via append-ldflags, and it is > > indeed appended as visible in the compile output, but the exec stacks > > are still there and the QA warning comes up, so I guess we can consider > > this broken and stick with your solution of patching the asm (which sill > > works fine) > > Did you read http://www.gentoo.org/proj/en/hardened/gnu-stack.xml ? The > document proposes a slightly different approach for assembler files: > > append-flags -Wa,--noexecstack
Read it again now. Indeed, "-Wa,--noexecstack" also works, but the page says that patching is the preferred approach... well at least if the patches land upstream at some point. I guess it just does not matter. Cheers, Thomas -- Thomas Kahle http://dev.gentoo.org/~tomka/
pgpIJN2nofyVX.pgp
Description: PGP signature
