From patchwork Tue Dec 19 21:24:50 2017
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 25026
Delivered-To: mailing list libc-alpha@sourceware.org
From: "H.J. Lu"
Date: Tue, 19 Dec 2017 13:24:50 -0800
Subject: Re: [PATCH] Document that --enable-static-pie implies PIE
To: Jonathan Nieder
Cc: GNU C Library

On Tue, Dec 19, 2017 at 12:46 PM, Jonathan Nieder wrote:
> H.J. Lu wrote:
>> On Tue, Dec 19, 2017 at 11:35 AM, Jonathan Nieder wrote:
>
>>> When the new text says that dynamic PIE is created by default, what does
>>> that mean? Does it mean that my executables will automatically act as
>>> though I passed -fPIE by default when I link them or that support for
>>> -fPIE will be included in glibc? If the latter, is it saying that such
>>> support will be included in the glibc distribution by default but that I
>>> can turn it off? i.e. what is the option to unset this default, or what
>>> would be the option to turn it on if I don't --enable-static-pie?
>>
>> How about
>>
>> This option also implies that glibc programs and tests are created as
>> dynamic position independent executable (PIE) by default.
>
> With s/executable/executables/, LGTM.

This is the patch I am checking in.

>>> Unrelated: while I'm reading this text
>>>
>>>> Static PIE is similar to static executable,
>>>
>>> This is missing an article.
> [...]
>> Can you submit a separate patch?
>
> Sure thing. Will try to find time to send one tonight.
>

Thanks.

Reviewed-by: Jonathan Nieder

From b3439b169b3e7740b2ade1083313574ffb616f82 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" Date: Tue, 19 Dec 2017 10:47:10 -0800 Subject: [PATCH] Document that --enable-static-pie implies PIE To build static PIE, all .o files are compiled with -fPIE. Since --enable-static-pie is designed to provide additional security hardening benefits, it also implies that glibc programs and tests are created as dynamic position independent executables (PIE) by default for better security hardening. * manual/install.texi: Document that --enable-static-pie implies PIE. * INSTALL: Regenerated. --- INSTALL | 4 +++- manual/install.texi | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 9a1404bd3c..42508e69dc 100644 --- a/INSTALL +++ b/INSTALL @@ -93,7 +93,9 @@ will be used, and CFLAGS sets optimization options for the compiler. programs as well as static tests are built as static PIE, except for those marked with no-pie. The resulting glibc can be used with the GCC option, -static-pie, which is available with GCC 8 or - above, to create static PIE. + above, to create static PIE. This option also implies that glibc + programs and tests are created as dynamic position independent + executables (PIE) by default. '--disable-profile' Don't build libraries with profiling information. You may want to diff --git a/manual/install.texi b/manual/install.texi index fb956b5d6a..50e6c35050 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -123,7 +123,8 @@ address without help from a dynamic linker. All static programs as well as static tests are built as static PIE, except for those marked with no-pie. The resulting glibc can be used with the GCC option, -static-pie, which is available with GCC 8 or above, to create static -PIE. +PIE. This option also implies that glibc programs and tests are created +as dynamic position independent executables (PIE) by default. @item --disable-profile Don't build libraries with profiling information. You may want to use -- 2.14.3
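
Review bot: In the sentence added to manual/install.texi, "glibc programs and tests are created as dynamic position independent executables (PIE) by default" leaves two things open. "glibc programs" can be read as any program linked against glibc rather than the programs built in the glibc tree, which is the ambiguity raised earlier in this thread, and "by default" does not say what overrides it. The preceding context states that static programs are built as static PIE "except for those marked with no-pie", so it would help to say whether the same exception applies to the dynamic case, for example by wording it as "the programs and tests built as part of glibc" and referring to the no-pie marking explicitly. INSTALL is regenerated from this file, so the wording only needs changing here.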