[cfe-dev] PIE/PIC Clang Defaults on Linux x86-64

Fangrui Song via cfe-dev cfe-dev at lists.llvm.org
Thu Jun 4 18:33:46 PDT 2020

>On Tue, Jun 02, 2020 at 03:38:46PM -0700, Fangrui Song via cfe-dev wrote:
>> (2) Whether or not this is configurable, do we want Generic_GCC::isPIEDefault() to return true
>Be careful about what systems this affects.

We can change Linux::isPIEDefault() instead, assuming that NetBSD
doesn't like it:/

On 2020-06-05, Joerg Sonnenberger via cfe-dev wrote:
>On Thu, Jun 04, 2020 at 05:52:47PM -0700, Eric Christopher wrote:
>> Take this as netbsd isn't one of those that want pie by default?
>Yes, partially because it is known to break certain software, especially
>with ASLR enabled.

Actually, I don't like the idea of enable-default-pie (distribution
picks no-pie or pie default). I think they just lead to confusion and
unnecessary distribution differences (among Linux distros). They could
tune their default CFLAGS / CXXFLAGS / LDFLAGS instead.

For software like seabios, they have to add things like -no-pie -fno-pie
-fno-stack-protector -fno-stack-protector-all -fstack-check=no
-fcf-protection=none ...

Assuredly these enabled-by-default security features make some packagers
happy: wow, we have a good mechanism to force software to be secure (in their view).
They more or less neglected burden on downstream packages.

More information about the cfe-dev mailing list