[hardening-discuss] Bug#596150: No documentation how to filter *_PIE which breaks building of shared objects
Kees Cook
kees at debian.org
Wed Sep 8 21:16:20 UTC 2010
Hi,
On Wed, Sep 08, 2010 at 11:02:18PM +0200, Emil Langrock wrote:
> I tried to use the file to find the correct flags for a project. It simply
> included it as specified in the file
>
> /usr/share/hardening-includes/hardening.make
>
> And in my main Makefile i did something like
>
> export CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
> export LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
>
>
> but omg, it killed the compilation completely. The reason seems to be the pie
> stuff. So I could disable the PIE of course, but when thinking about
> package management then we would have the problem that packages which are
> shared objects and executables that we automatically kill pie for them.
Which project was this? I'd like to see the specific situation in which it
fails so I can more easily debug it.
The hardening-wrapper works for these situations just fine, so it's
likely something I missed in how to pass the flags for -includes or it
needs to be passed into the project differently.
Thanks!
-Kees
--
Kees Cook @debian.org
More information about the hardening-discuss
mailing list