[arch-dev-public] Changing compilation flags
Allan McRae
allan at archlinux.org
Sat Jul 1 22:32:51 UTC 2017
On 02/07/17 06:51, Bartłomiej Piotrowski wrote:
> On 2017-06-30 23:44, Allan McRae wrote:
>> On 30/06/17 19:07, Bartłomiej Piotrowski wrote:
>>> On 2016-10-24 05:56, Allan McRae wrote:
>>>> 1) building gcc to enable PIE by default
>>>
>>> I am in the middle of rebuilding gcc with --enable-default-pie. When it
>>> finishes, I will start a todo for rebuilding packages with static libraries.
>>>
>>> I also enabled --enable-default-ssp, which means that
>>> -fstack-protector-strong will be dropped from our CFLAGS (as it will be
>>> enforced by gcc) on the next opportunity.
>>>
>>
>> Are you adding full RELRO + no-plt at the same time?
>>
>> A
>>
>
> Yes, and -fstack-check=specific too, although I might drop no-plt if it
> will cause too many builders.
>
I thought the conclusion from the Stack Clash bugs was that the current
-fstack-check was fundamentally flawed and was being completely
rewritten for the next gcc. Is the "=specific" version OK?
More information about the arch-dev-public
mailing list