Hardening flags

Russ Allbery eagle at eyrie.org
Sun Dec 6 23:30:27 UTC 2020

Julien ÉLIE <julien at trigofacile.com> writes:

> With libperl.a built without -fPIC, linking with -pie fails for innd:

Yeah, that's to be expected.  In order to create position-independent
output (an executable or a library), all objects linked into it, including
static libraries, have to be built position-independent.

> It means that Perl should at least be built with the following flags:
>   ./Configure -des -Accflags=-fPIC
> otherwise, building INN with Perl support fails if PIE is enabled...
> Same thing for the default build of libpython, but not for others like
> libkrb5 or libdb that seem to include -fPIC in their default build
> options.

I think libkrb5 no longer supports static libraries upstream.

> Should we care for that?

My initial feeling is no mostly because I don't expect many users of INN
to be building their own Perl or Python (generally they come with whatever
distribution they're using), and if they do build them, I think most
people will build them shared rather than static (although I admit I don't
know what the default is).

If it turns out that this is more common than we thought, we can always
do something about that later.

Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

More information about the inn-workers mailing list