From patchwork Mon May 14 12:02:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 135725 Delivered-To: patch@linaro.org Received: by 2002:a2e:9706:0:0:0:0:0 with SMTP id r6-v6csp1671415lji; Mon, 14 May 2018 05:02:20 -0700 (PDT) X-Google-Smtp-Source: AB8JxZryAIIXXCB3ZBy5Lu/QjTZkJxono3HLGBiCfyAXga4LCfQSm1w0scIsmU+SKwSXrgCeEWPg X-Received: by 2002:a17:902:9344:: with SMTP id g4-v6mr9769943plp.10.1526299340585; Mon, 14 May 2018 05:02:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526299340; cv=none; d=google.com; s=arc-20160816; b=GvAoCplfcIQaqIzC+tNUGTHG05FrbiBPiMgdwlyq598VaSSmNnflG28QRhKkQxlful khE5PM+OwTastMlfVA+P3ZBbMYgEflanYb8UUXvIqk6ZGRvn7UAIU4A135H1I48zT45/ FTuFwquP1HIMWmc2fp7FHHVq5JZy1DEmNbnd5TFFQwINYTla6HnOdxZL6eXwiuUDP1Cp 0d61fnzOE61CEwdWBVdVYeFT0/xYfakS/l31/Sf1K0SuZQ5T862ipcKLCMcXFSjKGQvU 5acg2Fo5IDpQQxDiPnj22kCplDkbJXr2qAhTyG97mLVMGOuP5RIuQO6HpjSpbk42qqnu xCpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=5BkOlugn9hAwyMh4utcL9A/wJSJmiWlt+Qgt7VDc+tw=; b=nXBJc71iwEsKWbMV1eEdDptkQFMc+fhzZwEZFiyFwLH0VvhHf8/r/VUTr3yH4Gmr7f adqkALRvRxRl6ASjBqnN0QY++DN+n91ocM9WBFya0U0n1SGI1ADA+HGAXcurnVbm8TFn /mNYDeXXcZzx9xZhtSuvTIVAy6PvfLo0rGOIBEZ+fsrn+FKLIh4N5E4iLVKSfjo/lQsA lhB0MDW6UWllqPLx47szWJXVy7iwlje7THwnJTuqBQiO0tySLj2IiR4gXq8LUQ/cF6HB +kfCHPdsYXUgRJpI5a7EwmO7R0DOPZP2w6wIkkjbA9jwwajp1I3hjT3spkpWkl5WlOOd 2BcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=FsGEBKIu; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id b16-v6si4058384pgn.79.2018.05.14.05.02.20; Mon, 14 May 2018 05:02:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=FsGEBKIu; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Received: from layers.openembedded.org (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id C17CC77D6B; Mon, 14 May 2018 12:02:16 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by mail.openembedded.org (Postfix) with ESMTP id 703F275561 for ; Mon, 14 May 2018 12:02:13 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id a8-v6so12983524wmg.5 for ; Mon, 14 May 2018 05:02:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=wT/JxYobXuZjX0SW5jUFGnvVwYUohyHoPluUWU3Lh54=; b=FsGEBKIujRgeh6akGK4ya0kbon0rk1uAsriqbShSMYgEJSfOG8ufZsghibZ9K9YaEs cbdea4kOggoLqqW8PtMsZ1KfjmV40htazZMsmOdhwDSfoqh3FSZi7TmL4kBfNc0iTAX9 y0sTB7cBuXLio7qRa5nr7jZPxp/U3G5iXz3YDXesCJeAYJgu6zCqQm6/tSSG5yQNNn3T t8wHYnkSteBjU0LomNuT/iAon8h6oMr4j7Sv6XYi49ewVxgsJk41cT57aUqutK+/fTaB /AlUiB8IFcoeunLNXui5Rzx+tNX2aMGGCRHmYT5PO4aP3DMSgoTVREucQ0osm1KoWcOi Hkkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=wT/JxYobXuZjX0SW5jUFGnvVwYUohyHoPluUWU3Lh54=; b=BlODlNAqHQc6mS1BvXtG0mBDJ2nsm3jJNkO7r7u5Vvu3QIPFqW9FaCYuJVI+a1aU9r OQPn++rakOW6m/ApDf1MW3KTiNzC0zEGum0oTh4VWhf5ViYuqQx0QrVGkmH1lQhJX3Ub k1qXC8W8w1xxLuf7pzhrNVlLEBdPZ4SXN6wRpxVOYYBFle1PbaPLWpejlcHrIOXSeiPH Wfm/r7+wII8q3PjRDzpoqT7+2zQEIC+juRitdF72u4RRcyL6sDPgURHDmQUBc+gY6fN0 q/kRKh/sSJq+ZCAfbWkRcnf5BqT8gpOsYNYMmeir1+XhSJWoIt+0o7dJ/fmHePo/v0PJ LS7w== X-Gm-Message-State: ALKqPwc/DhKbtIj95xG+lZS3FuKgLcvcZ4seLBdnVNNRPrHRQzz7EnVp Kxx5sIonbuaYjQGeOmF5GNXnZbqO X-Received: by 2002:a1c:6741:: with SMTP id b62-v6mr4959408wmc.0.1526299334201; Mon, 14 May 2018 05:02:14 -0700 (PDT) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id d8-v6sm12416384wrb.52.2018.05.14.05.02.13 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 May 2018 05:02:13 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Mon, 14 May 2018 13:02:11 +0100 Message-Id: <20180514120211.8169-1-ross.burton@intel.com> X-Mailer: git-send-email 2.11.0 Subject: [OE-core] [PATCH] security_flags: disable static PIE in glibc X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Static PIE doesn't work entirely right in GCC 7, for example ldconfig on ARM with the flags enabled will something segfault during initialisation. To mitigate this until we have GCC 8 integrated, don't enable static PIE. Signed-off-by: Ross Burton --- meta/conf/distro/include/security_flags.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index e6eb8114a24..6245e89ada4 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -6,7 +6,7 @@ # in the DISTRO="poky-lsb" configuration. GCCPIE ?= "--enable-default-pie" -GLIBCPIE ?= "--enable-static-pie" +# If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use # -O0 which then results in a compiler warning.