[PATCH] drop unused filterPath

Russ Allbery eagle at eyrie.org
Sat Sep 12 06:54:37 UTC 2020


Julien ÉLIE <julien at trigofacile.com> writes:

> It seems that adding "-fPIE -pie" in CFLAGS could be worthwhile (because
> INN is setuid), not only for rnews.

I think Debian just changes GCC to do this by default so that each
application doesn't need to worry about it, although I'm not 100% sure.  I
know it used to be part of the hardening flags and isn't any more, but
innd on Debian is still built PIE, so I think something makes it happen
automatically.

It's possible Fedora is now doing the same thing.  I believe Ubuntu has
been doing this for a while.

(That said, I have no objections to adding the flags on platforms that
support them.  The very minor speed hit seems unlikely to affect INN in
any significant way.)

I've in general not tried to add hardening compiler flags to the INN build
process since Debian injects them, but maybe it would be a good idea to
import some of them (-fstack-protector-strong, -Wl,-z,relro, and
-Wl,-z,now, for example).

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list