This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: PIE and FSF gcc


Jack Howarth <howarth@bromo.med.uc.edu> writes:

> On Fri, Jun 17, 2011 at 07:30:43AM -0700, Ian Lance Taylor wrote:
>> 
>> For PCH what matters is not whether gcc defaults to generating PIE, but
>> whether gcc itself is compiled as a PIE.  In general I believe that a
>> PIE gcc will not support PCH--it will work most of the time, but will
>> occasionally fail.  However, I have not actually tested this.  If I'm
>> right about this limitation, it would be quite difficult to fix given
>> the current PCH implementation.  Fortunately, as far as I can see, the
>> kind of attacks which PIE protects against are unimportant when
>> attacking gcc, as gcc simply runs under your own user ID on your own
>> system.  Anything the user can somehow suborn gcc into doing, the user
>> can do anyhow.  So I see no reason to build gcc as a PIE.  Of course
>> those considerations would change if somebody is running a compilation
>> server on the net which invokes gcc; such a setup might get some small
>> benefit from building gcc as a PIE, but such a setup would be unlikely
>> to support PCH in any case.
>
>    I found some interesting information on what Gentoo Hardened Linux
> is doing with their toolchain here...
>
> http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml
>
> It appears that they consider JIT to be a major security risk and disable it
> by default...
>
> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#jitflag
>
> as well as passing...
>
> CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,now -Wl,-z,relro" 
>
> automatically on builds.

Those web pages are about whether gcc defaults to generating PIE.  As I
said, for PCH what matters is whether gcc itself is compiled as a PIE.


> Also, apparently -O3 is considered problematic when SSP is in use.
>
> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#Othreessp

It would be interesting to find out what the problem is here.

Ian
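Ian's point above hinges on a distinction that is easy to get wrong: whether gcc defaults to emitting PIE for the code it compiles is a different question from whether the gcc binaries themselves (the driver and, more importantly, cc1) were linked as PIE. The following script is an added example, not part of this thread and not GCC project code. It reads the ELF header, program headers and dynamic section of a binary and reports the three properties the quoted hardening flags aim at: PIE (an ET_DYN object that also carries a PT_INTERP request), a PT_GNU_RELRO segment (from -z relro) and immediate binding (from -z now). It handles little-endian ELF64 only, and the `build_sample_elf` helper constructs synthetic, non-loadable images purely so the checks can be exercised offline.

```python
import struct
import sys
from dataclasses import dataclass

# Little-endian ELF64 layouts (assumption: this example does not handle ELF32 or big-endian).
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # e_ident .. e_shstrndx
ELF64_PHDR = struct.Struct("<IIQQQQQQ")           # p_type .. p_align
ELF64_DYN = struct.Struct("<qQ")                  # d_tag, d_val

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


@dataclass
class HardeningReport:
    e_type: int
    has_interp: bool
    has_relro: bool
    bind_now: bool

    @property
    def is_pie(self) -> bool:
        # A PIE executable is ET_DYN *and* asks for an interpreter; a plain
        # shared library is ET_DYN without PT_INTERP, so e_type alone is not enough.
        return self.e_type == ET_DYN and self.has_interp


def inspect_elf(data: bytes) -> HardeningReport:
    """Classify one ELF64 little-endian image from its raw bytes."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled by this example")
    hdr = ELF64_EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    has_interp = has_relro = bind_now = False
    dyn_off = dyn_size = 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = ELF64_PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_size = p_offset, p_filesz

    # -z now shows up as DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW in DT_FLAGS_1.
    for off in range(dyn_off, dyn_off + dyn_size, ELF64_DYN.size):
        d_tag, d_val = ELF64_DYN.unpack_from(data, off)
        if d_tag == DT_NULL:
            break
        if (d_tag == DT_BIND_NOW
                or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
            bind_now = True
    return HardeningReport(e_type, has_interp, has_relro, bind_now)


def build_sample_elf(e_type: int, *, interp: bool, relro: bool, bind_now: bool) -> bytes:
    """Constructed test image (assumption: not loadable, only the parts inspect_elf reads)."""
    dyn_entries = ([(DT_FLAGS_1, DF_1_NOW)] if bind_now else []) + [(DT_NULL, 0)]
    dyn_blob = b"".join(ELF64_DYN.pack(t, v) for t, v in dyn_entries)
    phdr_types = [PT_DYNAMIC] + ([PT_INTERP] if interp else []) + ([PT_GNU_RELRO] if relro else [])
    phoff = ELF64_EHDR.size
    dyn_off = phoff + len(phdr_types) * ELF64_PHDR.size
    phdrs = b""
    for t in phdr_types:
        off, size = (dyn_off, len(dyn_blob)) if t == PT_DYNAMIC else (0, 0)
        phdrs += ELF64_PHDR.pack(t, 0, off, 0, 0, size, size, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, ELFDATA2LSB
    ehdr = ELF64_EHDR.pack(ident, e_type, 62, 1, 0, phoff, 0, 0,
                           ELF64_EHDR.size, ELF64_PHDR.size, len(phdr_types), 0, 0, 0)
    return ehdr + phdrs + dyn_blob


def describe(path: str) -> str:
    with open(path, "rb") as f:
        r = inspect_elf(f.read())
    return (f"{path}: type={'ET_DYN' if r.e_type == ET_DYN else 'ET_EXEC' if r.e_type == ET_EXEC else r.e_type}"
            f" pie={r.is_pie} relro={r.has_relro} bind_now={r.bind_now}")


if __name__ == "__main__":
    # Usage: python elfcheck.py /usr/bin/gcc "$(gcc -print-prog-name=cc1)"
    for p in sys.argv[1:]:
        print(describe(p))
```

Running it over the driver and over the path returned by `gcc -print-prog-name=cc1` answers the question in Ian's reply for an installed toolchain; a result of `type=ET_EXEC pie=False` for cc1 means the compiler proper is not a PIE regardless of what `-fPIE`/`-pie` defaults it applies to user code.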

