From mboxrd@z Thu Jan  1 00:00:00 1970
From: Laurent Bigonville <bigon@debian.org>
Subject: Reset the LDFLAGS and building helper executables
Date: Mon, 27 Jun 2016 22:08:20 +0200
Message-ID: <0e720589-e434-e617-61a3-8805d4324f86@debian.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx07.extmail.prod.ext.phx2.redhat.com
	[10.5.110.31])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id u5RKGDqw011015
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Mon, 27 Jun 2016 16:16:13 -0400
Received: from anor.bigon.be (anor.bigon.be [91.121.173.99])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 6B115C049D7F
	for <linux-audit@redhat.com>; Mon, 27 Jun 2016 20:16:12 +0000 (UTC)
Received: from anor.bigon.be (localhost.localdomain [127.0.0.1])
	by anor.bigon.be (Postfix) with ESMTP id 5A2721A1A1
	for <linux-audit@redhat.com>; Mon, 27 Jun 2016 22:08:24 +0200 (CEST)
Received: from anor.bigon.be ([127.0.0.1])
	by anor.bigon.be (anor.bigon.be [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id NMwBwA3iE3QO for <linux-audit@redhat.com>;
	Mon, 27 Jun 2016 22:08:21 +0200 (CEST)
Received: from [IPv6:2a02:578:85fc:10:8c19:a546:9518:af7] (unknown
	[IPv6:2a02:578:85fc:10:8c19:a546:9518:af7])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client did not present a certificate) (Authenticated sender: bigon)
	by anor.bigon.be (Postfix) with ESMTPSA id 36A761A19D
	for <linux-audit@redhat.com>; Mon, 27 Jun 2016 22:08:21 +0200 (CEST)
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: "linux-audit@redhat.com" <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hello,

When enabling the hardening flags on debian (adding bindnow and PIE) I 
get the following message:

gcc -DHAVE_CONFIG_H -I. -I../../../lib -I..  -I. -I../../.. 
-I../../../auparse  '-DTABLE_H="actiontab.h"' -g -O2 -c -o 
gen_actiontabs_h-gen_tables.o `test -f 'gen_tables.c' || echo 
'../../../lib/'`gen_tables.c
/bin/bash ../libtool  --tag=CC   --mode=link gcc 
'-DTABLE_H="actiontab.h"' -g -O2  -fPIE -pie -Wl,-z,relro -Wl,-z,now 
-Wl,--as-needed -o gen_actiontabs_h gen_actiontabs_h-gen_tables.o
libtool: link: gcc -DTABLE_H=\"actiontab.h\" -g -O2 -fPIE -pie -Wl,-z 
-Wl,relro -Wl,-z -Wl,now -Wl,--as-needed -o gen_actiontabs_h 
gen_actiontabs_h-gen_tables.o
/usr/bin/ld: gen_actiontabs_h-gen_tables.o: relocation R_X86_64_32 
against `.rodata.str1.1' can not be used when making a shared object; 
recompile with -fPIC
gen_actiontabs_h-gen_tables.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status

Looking that build system, it seems that CFLAGS and CPPFLAGS for these 
executables are overriden in lib/Makefile.am and auparse/Makefile.am 
(with CFLAGS_FOR_BUILD and CPPFLAGS_FOR_BUILD) but the LDFLAGS are left 
untouched.

Shouldn't the LDFLAGS also be reset when building these executables?

Regards,

Laurent Bigonville