[cfe-dev] PIE/PIC Clang Defaults on Linux x86-64
Fangrui Song via cfe-dev
cfe-dev at lists.llvm.org
Thu Jun 4 18:33:46 PDT 2020
>On Tue, Jun 02, 2020 at 03:38:46PM -0700, Fangrui Song via cfe-dev wrote:
>> (2) Whether or not this is configurable, do we want Generic_GCC::isPIEDefault() to return true
>
>Be careful about what systems this affects.
>
>Joerg

We can change Linux::isPIEDefault() instead, assuming that NetBSD
doesn't like it :/

On 2020-06-05, Joerg Sonnenberger via cfe-dev wrote:
>On Thu, Jun 04, 2020 at 05:52:47PM -0700, Eric Christopher wrote:
>> Take this as netbsd isn't one of those that want pie by default?
>
>Yes, partially because it is known to break certain software, especially
>with ASLR enabled.
>
>Joerg

Actually, I don't like the idea of enable-default-pie (distribution
picks no-pie or pie default). I think they just lead to confusion and
unnecessary distribution differences (among Linux distros). They could
tune their default CFLAGS / CXXFLAGS / LDFLAGS instead.

For software like seabios, they have to add things like -no-pie -fno-pie
-fno-stack-protector -fno-stack-protector-all -fstack-check=no
-fcf-protection=none ...

Assuredly these enabled-by-default security features make some packagers
happy: wow, we have a good mechanism to force software to be secure (in their view).
They more or less neglected the burden on downstream packages.