From patchwork Tue Dec 19 18:51:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lu, Hongjiu" X-Patchwork-Id: 25021 Received: (qmail 110948 invoked by alias); 19 Dec 2017 18:52:00 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 110939 invoked by uid 89); 19 Dec 2017 18:51:59 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, NO_DNS_FOR_FROM, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy= X-HELO: mga09.intel.com X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False X-ExtLoop1: 1 Date: Tue, 19 Dec 2017 10:51:56 -0800 From: "H.J. Lu" To: GNU C Library Subject: [PATCH] Document that --enable-static-pie implies PIE Message-ID: <20171219185156.GA25849@gmail.com> Reply-To: "H.J. Lu" MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.9.1 (2017-09-22) To build static PIE, all .o files are compiled with -fPIE. Since --enable-static-pie is designed to provide additional security hardening benefits, it also implies that dynamic PIE is created by default for better security hardening. OK for master? H.J. --- * manual/install.texi: Document that --enable-static-pie implies PIE. * INSTALL: Regenerated. --- INSTALL | 3 ++- manual/install.texi | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 9a1404bd3c..cae574e5e3 100644 --- a/INSTALL +++ b/INSTALL @@ -93,7 +93,8 @@ will be used, and CFLAGS sets optimization options for the compiler. programs as well as static tests are built as static PIE, except for those marked with no-pie. The resulting glibc can be used with the GCC option, -static-pie, which is available with GCC 8 or - above, to create static PIE. + above, to create static PIE. This option also implies that dynamic + position independent executable (PIE) is created by default. '--disable-profile' Don't build libraries with profiling information. You may want to diff --git a/manual/install.texi b/manual/install.texi index fb956b5d6a..95eea19459 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -123,7 +123,8 @@ address without help from a dynamic linker. All static programs as well as static tests are built as static PIE, except for those marked with no-pie. The resulting glibc can be used with the GCC option, -static-pie, which is available with GCC 8 or above, to create static -PIE. +PIE. This option also implies that dynamic position independent +executable (PIE) is created by default. @item --disable-profile Don't build libraries with profiling information. You may want to use