Hardening flags

Russ Allbery eagle at eyrie.org
Mon Nov 30 01:56:08 UTC 2020


Julien ÉLIE <julien at trigofacile.com> writes:

> Hi all,

>> A remaining issue is a build with "--with-pic=no".

> I would finally just suggest to disable the generation of shared
> libraries when PIC mode is disabled.
> --with-pic=no -> call to AC_DISABLE_SHARED

This seems fine to me, although I'll also say that I think it's fine not
to put too much maintenance effort into accomodating odd combinations of
flags.  Shared libraries are by definition position-independent (at least
on basically all modern platforms), so if one wants non-PIC code,
disabling shared libraries is the right approach.  (It's not the sort of
thing that I think it's likely anyone would turn off.)

> I'm also wondering whether a --with-pie configure option wouldn't be
> useful to have.  It would be on by default, and would permit to easily
> disable a PIE build when needed (for instance in architectures that do
> not support it correctly).

I have no objections, but we could also wait to see if anyone cares and
save the maintenance effort if no one asks for it.

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list