[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [autoconf] Problems Configuring (C Compiler cannot produce executabl
From: |
Russ Allbery |
Subject: |
Re: [autoconf] Problems Configuring (C Compiler cannot produce executables) |
Date: |
Wed, 22 Aug 2012 12:36:05 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) |
Jeffrey Walton <address@hidden> writes:
> $ ./configure CFLAGS="-Wall -Wextra -Wconversion -fPIE
> -Wno-unused-parameter -Wformat=2 -Wformat-security
> -fstack-protector-all -Wstrict-overflow -Wl,-pie -Wl,-z,noexecstack
> -Wl,-z,relro -Wl,-z,now"
The thing that jumps out at me as different between what Debian uses for
its normal hardening flags and what you're using is the -Wl,-pie flag in
CFLAGS. Debian just uses -fPIE in CFLAGS and then adds -fPIE -pie to
LDFLAGS. I'm not sure if that would make a difference.
You in general want to avoid ever using -Wl if you can help it, since
you're hiding the flag from the compiler by using that. If the compiler
needed to know that you were linking that way so that it could do other
magic itself, you break that support by using -Wl.
Here's what Debian is using:
CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now
Also, you should generally not add -Wall -Wextra to the configure flags,
and instead add it after configure completes, since many of the tricks
configure has to use will result in warnings when you turn on all the
compiler warnings, which can confuse configure.
--
Russ Allbery (address@hidden) <http://www.eyrie.org/~eagle/>
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), (continued)
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), suzuki toshiya, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Bob Friesenhahn, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables),
Russ Allbery <=
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Mike Frysinger, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/23
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/23
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Mike Frysinger, 2012/08/22
- Re: [autoconf] Problems Configuring (C Compiler cannot produce executables), Jeffrey Walton, 2012/08/23
- Re: Problems Configuring (C Compiler cannot produce executables), Miles Bader, 2012/08/23
- Re: Problems Configuring (C Compiler cannot produce executables), Russ Allbery, 2012/08/23