From: Joshua G Lock <joshua.g.lock@linux.intel.com>
To: Khem Raj <raj.khem@gmail.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/5] security_flags: remove invalid linker option
Date: Fri, 19 Aug 2016 19:29:41 +0100 [thread overview]
Message-ID: <1471631381.5679.12.camel@linux.intel.com> (raw)
In-Reply-To: <BC909AA0-A8C7-4B7F-B23F-4090F5E13A85@gmail.com>
On Fri, 2016-08-19 at 10:05 -0700, Khem Raj wrote:
> >
> > On Aug 19, 2016, at 8:34 AM, Joshua Lock <joshua.g.lock@intel.com>
> > wrote:
> >
> > -fstack-protector-* is a compiler option, not a linker option.
>
> IIRC There are packages
> who do not use CFLAGS in linker cmdline which case this fails
>
> what issues do you see with this option appearing in ldflags ?
>
> This should be tested with world builds on both musl and glibc
I wasn't sure why it appeared in ldflags, none of the (admittedly only
glibc) builds I did seemed to have any related failures.
I'll drop this patch and add a comment as to the intent of including
that in ldflags.
Thanks,
Joshua
> >
> >
> > [YOCTO #9948]
> >
> > Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
> > ---
> > meta/conf/distro/include/security_flags.inc | 9 ++-------
> > 1 file changed, 2 insertions(+), 7 deletions(-)
> >
> > diff --git a/meta/conf/distro/include/security_flags.inc
> > b/meta/conf/distro/include/security_flags.inc
> > index 20f48de..77fade6 100644
> > --- a/meta/conf/distro/include/security_flags.inc
> > +++ b/meta/conf/distro/include/security_flags.inc
> > @@ -15,8 +15,8 @@ SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-
> > security -Werror=format-security"
> > SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> > SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> >
> > -SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
> > -SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
> > +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> > +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
> >
> > # powerpc does not get on with pie for reasons not looked into as
> > yet
> > SECURITY_CFLAGS_powerpc = "-fstack-protector-strong
> > ${lcl_maybe_fortify}"
> > @@ -100,11 +100,6 @@ SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> > TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
> > TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
> >
> > -SECURITY_LDFLAGS_remove_pn-gcc-runtime = "-fstack-protector-
> > strong"
> > -SECURITY_LDFLAGS_remove_pn-glibc = "-fstack-protector-strong"
> > -SECURITY_LDFLAGS_remove_pn-glibc-initial = "-fstack-protector-
> > strong"
> > -SECURITY_LDFLAGS_remove_pn-uclibc = "-fstack-protector-strong"
> > -SECURITY_LDFLAGS_remove_pn-uclibc-initial = "-fstack-protector-
> > strong"
> > SECURITY_LDFLAGS_pn-xf86-video-fbdev = "${SECURITY_X_LDFLAGS}"
> > SECURITY_LDFLAGS_pn-xf86-video-intel = "${SECURITY_X_LDFLAGS}"
> > SECURITY_LDFLAGS_pn-xf86-video-omapfb = "${SECURITY_X_LDFLAGS}"
> > --
> > 2.7.4
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
next prev parent reply other threads:[~2016-08-19 18:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-19 15:34 [PATCH 0/5] security_flags: additions in line with common practice Joshua Lock
2016-08-19 15:34 ` [PATCH 1/5] security_flags: remove invalid linker option Joshua Lock
2016-08-19 17:05 ` Khem Raj
2016-08-19 18:29 ` Joshua G Lock [this message]
2016-08-19 15:34 ` [PATCH 2/5] security_flags: pass ssp-buffer-size param to stack protector Joshua Lock
2016-08-19 17:07 ` Khem Raj
2016-08-19 18:46 ` Joshua G Lock
2016-08-22 8:02 ` André Draszik
2016-08-22 10:42 ` Joshua Lock
2016-08-19 15:34 ` [PATCH 3/5] security_flags: link position independent executables Joshua Lock
2016-08-19 15:34 ` [PATCH 4/5] security_flags: update comment header Joshua Lock
2016-08-19 15:34 ` [PATCH 5/5] security_flags: ensure changes to SHARED_OBJECTS cause recompile Joshua Lock
2016-08-19 16:02 ` Richard Purdie
2016-08-19 17:11 ` Khem Raj
2016-08-19 18:26 ` Joshua G Lock
2016-08-19 18:26 ` Joshua G Lock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471631381.5679.12.camel@linux.intel.com \
--to=joshua.g.lock@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=raj.khem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox