Re: [yocto] Using prelink in Thud and subsequent
On Fri, 4 Jan 2019 at 15:56, Matt Hoosier wrote:
> Okay, fair enough. There's a lot of mechanical configuration in poky.conf
> that would be nice not to maintain a copy of, but that's fine.

If there's anything in there that should just be shunted into the default configuration, then please do send a patch (there most likely is plenty).

Ross

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Using prelink in Thud and subsequent
Okay, fair enough. There's a lot of mechanical configuration in poky.conf that would be nice not to maintain a copy of, but that's fine.

On Fri, Jan 4, 2019 at 9:52 AM Burton, Ross wrote:
> Don't use Poky? Your own distro configuration doesn't have to include
> security_flags.inc.
>
> Ross
>
> On Fri, 4 Jan 2019 at 15:50, Matt Hoosier wrote:
> >
> > Hi all,
> >
> > With the following change, position-independent executables became the
> > default in Poky:
> >
> > commit 491082c56ce34f3fd644f8d4457ccd52af951087
> > Author: Khem Raj
> > Date: Fri Jul 27 19:46:14 2018 -0700
> >
> >     poky.conf: Enable security flags+pie by default
> >     Enable security flags+pie by
> >
> >     This has been an opt-in for so long, some distributions e.g.
> >     poky-lsb uses it by default however, since most of linux
> >     distros have started to default to these settings for security
> >     enhancements, time has come for OE to make it default too
> >
> > This carries the consequence that prelinking no longer really works.
> > What's the recommendation for users that want to keep applying
> > whole-system prelink optimizations (that is, image-prelink.bbclass)?
> > Manually resetting SECURITY_CFLAGS to the empty string after including
> > poky.conf will come close to undoing the effect of security_flags.inc,
> > but there are a few places its effects will still leak out.
> >
> > -Matt

Re: [yocto] Using prelink in Thud and subsequent
Don't use Poky? Your own distro configuration doesn't have to include security_flags.inc.

Ross

On Fri, 4 Jan 2019 at 15:50, Matt Hoosier wrote:
>
> Hi all,
>
> With the following change, position-independent executables became the
> default in Poky:
>
> commit 491082c56ce34f3fd644f8d4457ccd52af951087
> Author: Khem Raj
> Date: Fri Jul 27 19:46:14 2018 -0700
>
>     poky.conf: Enable security flags+pie by default
>     Enable security flags+pie by
>
>     This has been an opt-in for so long, some distributions e.g.
>     poky-lsb uses it by default however, since most of linux
>     distros have started to default to these settings for security
>     enhancements, time has come for OE to make it default too
>
> This carries the consequence that prelinking no longer really works. What's
> the recommendation for users that want to keep applying whole-system prelink
> optimizations (that is, image-prelink.bbclass)? Manually resetting
> SECURITY_CFLAGS to the empty string after including poky.conf will come close
> to undoing the effect of security_flags.inc, but there are a few places its
> effects will still leak out.
>
> -Matt

[yocto] Using prelink in Thud and subsequent
Hi all,

With the following change, position-independent executables became the default in Poky:

commit 491082c56ce34f3fd644f8d4457ccd52af951087
Author: Khem Raj
Date: Fri Jul 27 19:46:14 2018 -0700

    poky.conf: Enable security flags+pie by default
    Enable security flags+pie by

    This has been an opt-in for so long, some distributions e.g.
    poky-lsb uses it by default however, since most of linux
    distros have started to default to these settings for security
    enhancements, time has come for OE to make it default too

This carries the consequence that prelinking no longer really works. What's the recommendation for users that want to keep applying whole-system prelink optimizations (that is, image-prelink.bbclass)? Manually resetting SECURITY_CFLAGS to the empty string after including poky.conf will come close to undoing the effect of security_flags.inc, but there are a few places its effects will still leak out.

-Matt
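
Added example, not part of the original thread and not Yocto Project code: a Python check that classifies the ELF files in an image rootfs by header type, so that after a distro configuration change you can see which binaries are still PIE (ET_DYN with an interpreter) and which are fixed-address ET_EXEC. The function names, the PT_INTERP heuristic and the constructed sample headers are assumptions of this example.

```python
import os
import struct

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3  # values from the ELF specification

def classify_elf(data: bytes) -> str:
    """Classify an ELF image as 'non-pie', 'pie', 'shared-object' or 'other'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "other"
    is64, end = data[4] == 2, ("<" if data[5] == 1 else ">")
    if is64 and len(data) < 64:
        return "other"
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "non-pie"  # fixed load address, main image is not randomised
    if e_type != ET_DYN:
        return "other"    # relocatable object, core file, ...
    # ET_DYN covers both PIE programs and shared libraries. Heuristic (assumption):
    # a PIE program carries a PT_INTERP segment; static-pie binaries do not.
    phoff = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)[0]
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "pie"
    return "shared-object"

def audit_rootfs(rootfs: str) -> dict:
    """Map every ET_EXEC/ET_DYN regular file under rootfs to its class."""
    found = {}
    for dirpath, _dirs, files in os.walk(rootfs):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                kind = classify_elf(fh.read(4096))  # headers sit at the start of the file
            if kind != "other":
                found[os.path.relpath(path, rootfs)] = kind
    return found

def sample_elf64(e_type: int, p_types: list) -> bytes:
    """Constructed little-endian ELF64 header plus program headers (demo input only)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
```

Run `audit_rootfs()` against the unpacked image root and compare the result before and after changing the distro configuration.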