In Stretch, gcc producing position independent binaries by default?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

In Stretch, gcc producing position independent binaries by default?

Neoklis Kyriazis
Hi,

I have recently completed my first installation of Debian (stretch)
and I am compiling some apps from source. I have noticed that filers
show binaries produce by gcc as being shared library objects instead
of just ELF executables.

I eventually, by searching, I worked around this by specifying the

-no-pie flag in CFLAGS but I would like to know if gcc is by default
set up to produce
position independent binaries or if I have not set up things correctly.



My thanks in advance
--
Best Regards
Neoklis - Ham Radio Call:5B4AZ
http://www.5b4az.org/

Reply | Threaded
Open this post in threaded view
|

Re: In Stretch, gcc producing position independent binaries by default?

recoverym4n
        Hi.

On Sat, 15 Apr 2017 13:50:59 +0000 (UTC)
Neoklis Kyriazis <[hidden email]> wrote:

> Hi,
>
> I have recently completed my first installation of Debian (stretch)
> and I am compiling some apps from source. I have noticed that filers
> show binaries produce by gcc as being shared library objects instead
> of just ELF executables.
>
> I eventually, by searching, I worked around this by specifying the
>
> -no-pie flag in CFLAGS but I would like to know if gcc is by default
> set up to produce
> position independent binaries or if I have not set up things correctly.

They patched gcc to produce PIE by default - and that's one of Debian
stretch release goals. See:

https://wiki.debian.org/Hardening/PIEByDefaultTransition

Reco

Reply | Threaded
Open this post in threaded view
|

Re: In Stretch, gcc producing position independent binaries by default?

Neoklis Kyriazis

>They patched gcc to produce PIE by default - and that's one of Debian
>stretch release goals. See:
>
>https://wiki.debian.org/Hardening/PIEByDefaultTransition


Ah thanks! New to Debian so I was not aware of this. My problem though
is that filers like ROX and pcmanfm do not start PIE executables by
clicking on them because they are seen as shared objects.


Anyhow, I expect there are now recommended CFLAGS for gcc when compiling
binaries for Debian, right?


--
Best Regards
Neoklis - Ham Radio Call:5B4AZ
http://www.5b4az.org/

Reply | Threaded
Open this post in threaded view
|

Re: In Stretch, gcc producing position independent binaries by default?

recoverym4n
        Hi.

On Sat, 15 Apr 2017 14:39:49 +0000 (UTC)
Neoklis Kyriazis <[hidden email]> wrote:

>
> >They patched gcc to produce PIE by default - and that's one of Debian
> >stretch release goals. See:
> >
> >https://wiki.debian.org/Hardening/PIEByDefaultTransition
>
>
> Ah thanks! New to Debian so I was not aware of this. My problem though
> is that filers like ROX and pcmanfm do not start PIE executables by
> clicking on them because they are seen as shared objects.

Yes, that's known problem. I recall seeing some heated discussions
about it, but cannot find the links (was it PIE for Mozilla's built
Firefox? - my memory fails me).
The current consensus for graphical file managers on this seems to be
'yes, PIE executables are broken in this regard, but developer should
provide a .desktop file anyway'.

Not that I agree with such approach (on graphical file managers, PIE
is ok idea), but they took it.


> Anyhow, I expect there are now recommended CFLAGS for gcc when compiling
> binaries for Debian, right?

For 3 last major releases at least. Run 'dpkg-buildflags --get CFLAGS'
to see them. And don't forget 'dpkg-buildflags --get LDFLAGS' for the
linker.

Please note then one's using so called 'sane' build system (autotools,
cmake, etc) - the debhelper usually takes care of recommended CFLAGS
and LDFLAGS by itself.

Reco