Hardening flags
Russ Allbery
eagle at eyrie.org
Sun Dec 6 23:30:27 UTC 2020
Julien ÉLIE <julien at trigofacile.com> writes:
> With libperl.a built without -fPIC, linking with -pie fails for innd:
Yeah, that's to be expected. In order to create position-independent
output (an executable or a library), all objects linked into it, including
static libraries, have to be built position-independent.
> It means that Perl should at least be built with the following flags:
> ./Configure -des -Accflags=-fPIC
> otherwise, building INN with Perl support fails if PIE is enabled...
> Same thing for the default build of libpython, but not for others like
> libkrb5 or libdb that seem to include -fPIC in their default build
> options.
I think libkrb5 no longer supports static libraries upstream.
> Should we care for that?
My initial feeling is no mostly because I don't expect many users of INN
to be building their own Perl or Python (generally they come with whatever
distribution they're using), and if they do build them, I think most
people will build them shared rather than static (although I admit I don't
know what the default is).
If it turns out that this is more common than we thought, we can always
do something about that later.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list