[OE-core] [PATCH 3/5] security_flags.inc: add -fPIC to SECURITY_NO_PIE_CFLAGS

Alexander Kanavin alexander.kanavin at linux.intel.com
Fri Jun 17 18:12:12 UTC 2016


On 06/17/2016 05:38 AM, Andre McCurdy wrote:
>>  SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>> -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
>> +SECURITY_NO_PIE_CFLAGS ?= "-fPIC -fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
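
Review bot: on the `+` line, -fPIC is added to SECURITY_NO_PIE_CFLAGS with no accompanying -pie, whereas the unchanged SECURITY_CFLAGS line pairs -fpie with -pie. Position-independent code generation without a PIE link still leaves the executable at a fixed load address, so this adds code-generation overhead without the hardening. Suggest dropping -fPIC from this variable, or, if it is wanted for another reason, adding a comment above the assignment that says why.
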
>
> I don't think this does anything useful. An executable won't be
> position independent unless -pie is passed to the linker, so if
> linking with -pie doesn't work, forcing all object code to be position
> independent is just adding overhead with no benefit.

That's right; there is no security benefit in -fPIC alone.
Sorry for not researching this fully.

I have however disabled NO_PIE for all recipes that use it, and then 
re-enabled it for those that started to fail. This uncovered a few 
recipes where NO_PIE is no longer needed - at least on x86_64. Patch is 
coming :)


Alex
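
The point agreed on in this thread, that position independence of an executable is decided at link time, can be checked on the linked binary instead of on the CFLAGS. The following is an added example, not code from this thread or from OE-core: it reads the ELF header's `e_type` and looks for a `PT_INTERP` segment. The helper names `classify_elf` and `make_elf64` are hypothetical, and the three images are constructed headers standing in for real linker output.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                      # e_type values
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3    # p_type values

def classify_elf(data: bytes) -> str:
    """Classify an ELF image by how it was linked (hypothetical helper)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "non-PIE executable"         # fixed load address: linked without -pie
    if e_type != ET_DYN:
        return "other"
    # ET_DYN is shared by PIE executables and shared libraries. A program
    # interpreter segment marks a dynamically linked PIE executable.
    # Limitation: static PIE binaries carry no PT_INTERP and are not told apart here.
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return "PIE executable"
    return "shared object"

def make_elf64(e_type: int, p_types: list) -> bytes:
    """Constructed sample: ELF64 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                           for t in p_types)

if __name__ == "__main__":
    samples = {  # constructed images, labelled by the build they stand for
        "-fPIC objects, no -pie at link": make_elf64(ET_EXEC, [PT_INTERP, PT_LOAD]),
        "-fpie objects, -pie at link": make_elf64(ET_DYN, [PT_INTERP, PT_LOAD]),
        "-fPIC objects, -shared at link": make_elf64(ET_DYN, [PT_LOAD, PT_DYNAMIC]),
    }
    for how, image in samples.items():
        print(f"{how:32} -> {classify_elf(image)}")
```
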


