Web lists-archives.com

Re: In Stretch, gcc producing position independent binaries by default?




	Hi.

On Sat, 15 Apr 2017 14:39:49 +0000 (UTC)
Neoklis Kyriazis <nkcyham@xxxxxxxxx> wrote:

> 
> >They patched gcc to produce PIE by default - and that's one of Debian
> >stretch release goals. See:
> >
> >https://wiki.debian.org/Hardening/PIEByDefaultTransition
> 
> 
> Ah thanks! New to Debian so I was not aware of this. My problem though
> is that filers like ROX and pcmanfm do not start PIE executables by
> clicking on them because they are seen as shared objects. 

Yes, that's known problem. I recall seeing some heated discussions
about it, but cannot find the links (was it PIE for Mozilla's built
Firefox? - my memory fails me).
The current consensus for graphical file managers on this seems to be
'yes, PIE executables are broken in this regard, but developer should
provide a .desktop file anyway'.

Not that I agree with such approach (on graphical file managers, PIE
is ok idea), but they took it.


> Anyhow, I expect there are now recommended CFLAGS for gcc when compiling
> binaries for Debian, right?

For 3 last major releases at least. Run 'dpkg-buildflags --get CFLAGS'
to see them. And don't forget 'dpkg-buildflags --get LDFLAGS' for the
linker.

Please note then one's using so called 'sane' build system (autotools,
cmake, etc) - the debhelper usually takes care of recommended CFLAGS
and LDFLAGS by itself.

Reco