[PATCH] add a configure option for using RELRO by default

Daniel Micay danielmicay@gmail.com
Wed Nov 11 05:10:00 GMT 2015


On 10/11/15 11:48 PM, Mike Frysinger wrote:
> On 11 Nov 2015 03:01, Romain Geissler wrote:
>> For us the goal is obviously to activate it by default, like many we have
>> been using relro binaries for years now without any issue (x64). I know
>> SuSe that we use is shipping by default binutils having a similar patch.
>> However I'll wait the advice of the binutils gurus to decide this change.
> 
> i don't remember if i mentioned this before, but we've been doing it in Gentoo
> as well for all arches/targets since at least 2.18 / 2008.  i don't recall any 
> grievous bugs due to it, but it's been a long time ...
> -mike

There's a similar patch in Fedora. I want this enabled in Arch Linux
(which already uses RELRO, strong SSP, _FORTIFY_SOURCE=2, etc. via
CFLAGS/LDFLAGS), but it has a policy against applying patches not
accepted by upstream (i.e. backports are fine). There's a cost to having
stuff like this out-of-tree. If the major distributions want this and
patch their toolchain to have it, that's a strong sign that it should
really be upstream (as should SSP by default in GCC).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://sourceware.org/pipermail/binutils/attachments/20151111/786f6fe4/attachment.sig>


More information about the Binutils mailing list