On 15:16 Fri 17 Dec     , Christopher Schwan wrote:
> On Friday 17 December 2010 14:55:03 Thomas Kahle wrote:
> > On 14:22 Fri 17 Dec     , Christopher Schwan wrote:
> > > Mpir's configure scripts looks like its adding "-Wl,-z,noexecstack" if it
> > > detects a gcc+x86/amd64 configuration - so I guess noexecstack should
> > > work out of the box. If it does not I would consider this as broken.
> > 
> > Yes, I saw that. The configure method fails directly, it just does *not*
> > add the ldflag (at least when configure is run by portage).
> > 
> > I also tried to add "-Wl,-z,noexecstack" via append-ldflags, and it is
> > indeed appended as visible in the compile output, but the exec stacks
> > are still there and the QA warning comes up, so I guess we can consider
> > this broken and stick with your solution of patching the asm (which sill
> > works fine)
> 
> Did you read http://www.gentoo.org/proj/en/hardened/gnu-stack.xml ? The 
> document proposes a slightly different approach for assembler files:
> 
>     append-flags -Wa,--noexecstack

Read it again now.  Indeed, "-Wa,--noexecstack" also works, but the page
says that patching is the preferred approach... well at least if the
patches land upstream at some point. I guess it just does not matter.

Cheers,
Thomas



-- 
Thomas Kahle
http://dev.gentoo.org/~tomka/