Hello FreeBSD community,
I wonder, is it possible to
Every single executable I tested with security/hardening-check was confirmed to be a PIE (I believe the whole system is built in this manner).
This is not the case in FreeBSD 11.1-RELEASE, so I added these lines into my make.conf:
However, when I try to build anything with these options, the compilation runs for a while (stating on each line that -pie is unknown) and finally fails. I figured that the native CLANG might not be fit for the task, so I installed the devel/llvm50 from ports and added these lines to make.conf:
but to no avail. No matter what CLANG version I use, it fails. Removing everything from
After that, I installed lang/gcc6 and adjusted the make.conf:
That works and ports compile without problems so far. Trouble is, I can't build world with these settings.
What am I doing wrong? Is it even possible to compile the system with PIE at this point?
Thank you.
EDIT: OK, so not every port compiles with these settings, some complain about 'libstdc++ is unsupported'. I found some hints about this in old mailing lists, but it doesn't seem anyone cares now.
I wonder, is it possible to
make buildworld(amd64) with Position Independent Executables? I have this Gentoo Linux machine with GCC 6.4, my CFLAGS and CXXFLAGS being:
Code:
-march=native -O2 -pipe -fomit-frame-pointer -fno-strict-aliasing -fstack-protector -fPIE -pieThis is not the case in FreeBSD 11.1-RELEASE, so I added these lines into my make.conf:
Code:
CFLAGS+= -O2 -pipe -fomit-frame-pointer -fno-strict-aliasing -fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2
CXXFLAGS+= -O2 -pipe -fomit-frame-pointer -fno-strict-aliasing -fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2
CPUTYPE?=native
Code:
CC=/usr/local/bin/clang50
CPP=/usr/local/bin/clang-cpp50
CXX=/usr/local/bin/clang50++ -fPIE to the end of the line helps (at least for ports it does), but then I don't have to specify CFLAGS at all.After that, I installed lang/gcc6 and adjusted the make.conf:
Code:
CC=/usr/local/bin/gcc6
CPP=/usr/local/bin/cpp6
CXX=/usr/local/bin/g++6
AR=/usr/local/bin/gcc-ar6
NM=/usr/local/bin/gcc-nm6
RANLIB=/usr/local/bin/gcc-ranlib6
CFLAGS= -march=native -O2 -pipe -fomit-frame-pointer -fno-strict-aliasing -fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2
CXXFLAGS= -march=native -O2 -pipe -fomit-frame-pointer -fno-strict-aliasing -fstack-protector -fPIE -pie -D_FORTIFY_SOURCE=2What am I doing wrong? Is it even possible to compile the system with PIE at this point?
Thank you.
EDIT: OK, so not every port compiles with these settings, some complain about 'libstdc++ is unsupported'. I found some hints about this in old mailing lists, but it doesn't seem anyone cares now.