From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-80546-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id DB8C4139694
	for <garchives@archives.gentoo.org>; Tue,  9 May 2017 17:26:59 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 8958DE0D92;
	Tue,  9 May 2017 17:26:51 +0000 (UTC)
Received: from tsukuyomi.43-1.org (tsukuyomi.43-1.org [IPv6:2a01:4f8:173:743::1:50])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 33CB4E0D09
	for <gentoo-dev@lists.gentoo.org>; Tue,  9 May 2017 17:26:51 +0000 (UTC)
From: Matthias Maier <tamiko@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
CC: toolchain@gentoo.org
Date: Tue, 09 May 2017 12:26:48 -0500
Message-ID: <874lwu9c13.fsf@kestrel.kyomu.43-1.org>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
X-Archives-Salt: e28091fe-6a1a-4b71-8645-00787bd2540d
X-Archives-Hash: 0190e551522086253c8441a7d45b74ca

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Title: GCC 6 defaults to USE=3D"pie ssp"
Author: Matthias Maier <tamiko@gentoo.org>
Content-Type: text/plain
Posted: 2017-05-07
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=3Dsys-devel/gcc-6.3.0
Display-If-Keyword: amd64

In Gentoo, several GCC features can be default disabled or enabled=20
via use-flags of sys-devel/gcc. Starting with gcc-4.8.3 we have already
enabled default SSP [1]. Since the PIE patchset for default position=20
independent executable support was integrated upstream [2,3], starting=20
with gcc-6.3 we are also enabling PIE by default (via a default-enabled=20
use-flag pie) in regular (non-hardened) profiles.

[Additionally, following Gentoo policies, the default-off use-flags=20
nopie (only present in Hardened) and nossp are replaced starting with=20
gcc-6 by default-on use-flags pie and ssp.]

Be advised that switching from an older version to GCC 6 will enable the=20
PIE feature by default. This should not cause many problems, but it may=20
be necessary to recompile parts of your userland. An indicator are=20
linker errors of the form [4]

  relocation R_X86_64_32 against `.rodata.str1.1' can not be used when
  making a shared object; recompile with -fPIC

[1] https://www.gentoo.org/support/news-items/2014-06-15-gcc48_ssp.html
[2] https://gcc.gnu.org/gcc-6/changes.html
[3] A big thanks to all developers and members of the Gentoo community that
    made upstreaming the pie patchset and other hardening options possible!
[4] https://bugs.gentoo.org/617698

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIzBAEBCgAdFiEE6t/5JjgpnbiQKMUluE7NiUruef8FAlkR+9gACgkQuE7NiUru
ef8hjg//b4lfsKjYoCwGXSBWc9HGlk+vaOuhR3QV9RQatVGIv+4e+iQjAzIbSBFo
hMY/39mjzjM848a7/4J0sz9V9pyeCqcjOoJw+mjn8FYQGaXPDADd5WtskBxUTdkd
DUEbVhcpfEOvRjIDlYd9Jju8PdznlwFBOibRbsiaKYo6VdKiIjSeZpcm8F6Nr9xC
JntteUM7Q2cW2nd+tOysRel+l6ugw5fZ+k+eejTgAACzC7ZgLCw0cFgpmisyzB6C
35zP0HarCJxHjS6VQLTzC2EBGDzOwPrNFAkcc7fEFA64W0CW6VOpSP1kj0jptGZS
vcyRp+TW4zeZpfr2P90lr86bWjliJLBFIcZtSFT9nU9reyeZmem+/dKLiVruMeFF
r3gokb/6GxgQ/XmVaBvmF9zGBSA04lLIvu1U/+VOJq6m7nCKskXGFpcvtH36poJM
xKNsHFMNCQu17L1qX/JNpyezkQaFbEkHc3muf0+OFjwfZzeISqKuvaXtcOcjlpnO
EvfK3YXIS8DIGI+KHhrIuEaRCWAV8gAA/m+62MNsbsfO8kj6yN5dk7cs/kig6vaP
48BZ8UKgIXbzZ1KLt/dIamT3cqY/ysBLqOtpKr4Ds3bLNhc5UUxRGm2iyGx6sLT2
82KdTHgkO5BF7MAcNUyueFiqER19u3b/6EFLGac3vDBx4CVA6Pk=
=EAoB
-----END PGP SIGNATURE-----
--=-=-=--