Summary: | sys-devel/gcc: use -fvisibility=hidden with -fPIE (?) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | wbrana |
Component: | [OLD] Core system | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
Status: | RESOLVED UPSTREAM | ||
Severity: | enhancement | CC: | hardened |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://gcc.gnu.org/PR54182 | ||
See Also: | http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54182 | ||
Attachments: | modified 06_all_gcc46_esp.h.patch from piepatches; modified specs file | ||
It seems that it isn't already needed.

I was wrong. It is still needed. Hardened gcc 4.7.1 should, but doesn't use -fvisibility=hidden if -fno-PIE isn't used.

-fvisibility=hidden is not a flag that you enable globally.

Non-hardened gcc has -fvisibility=hidden enabled globally.
Also hardened gcc with enable -fvisibility=hidden with -fno-PIE.

Also hardened gcc enable -fvisibility=hidden with -fno-PIE.

Created attachment 320558 [details]
modified specs file
previous modified patch can't be used.
gcc has to dump specs file with -dumpspecs after compilation
at line 168 "-fPIE" has to be replaced with "-fPIE -fvisibility=hidden"
modified specs file has to be stored in directory
/usr/lib/gcc/x86_64-pc-linux-gnu/4.7.1

(In reply to comment #4)
> Non-hardened gcc has -fvisibility=hidden enabled globally.
> Also hardened gcc with enable -fvisibility=hidden with -fno-PIE.

(In reply to comment #5)
> Also hardened gcc enable -fvisibility=hidden with -fno-PIE.

What do you get if you add -fPIE -pie to the command line for the non-hardened one?

-fPIE -pie disabled -fvisibility=hidden with non-hardened one

This is something to suggest on the upstream gcc-patches@gcc.gnu.org list.

I opened upstream bug http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54182

Why does it have to be fixed upstream? Vanilla GCC is broken and doesn't use PIE by default. Gentoo Hardened fixed it. Why can't Gentoo Hardened also fix -fvisibility=hidden? Upstream doesn't want to fix it.

Created attachment 320544 [details]
modified 06_all_gcc46_esp.h.patch from piepatches

gcc could use -fvisibility=hidden with -fPIE