Date: Mon, 4 Dec 2017 15:40:58 +0100
From: David Haller
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Am I in trouble now?
Message-ID: <20171204144058.cb7vyhwgvbxhnrvh@grusum.endjinn.de>

Hello,

On Mon, 04 Dec 2017, Marc Joliet wrote:
>On Sunday, 3 December 2017, 21:22:23 CET, Marc Joliet wrote:
>> Of course, that doesn't mean that things are correct on your end, though.
>> On one of my computers, checksec does say "PIE enabled". Maybe you should
>> try compiling something else and verifying it. After all, there's probably
>> a reason why the "emerge -e @world" bit doesn't exclude any of the packages
>> previously rebuilt. I'll try to verify that on my desktop, though
>
>Just to follow up on this, I've now done everything except the "emerge -e
>@world" step on my desktop, which shows "No PIE" for
>/usr/bin/x86_64-pc-linux-gnu-g++, but "PIE enabled" for
>/usr/x86_64-pc-linux-gnu/binutils-bin/2.29.1/ld
>(part of binutils, which was rebuilt *after* gcc). So try checking that if
>you want to be sure (and haven't done your own verification in the meantime).

Don't worry. I find plenty of _explicit_ '-fno-pie -fno-PIE' in the
sys-devel/gcc build-stuff and build logs.
Using my "check-pie" "extracted from checksec" script[1]:

# check-pie /usr/bin/*gcc* /usr/bin/*g++* 2>/dev/null
/usr/bin/gcc                                PIE
/usr/bin/gcc-6.4.0                          no pie
/usr/bin/gcc-7.2.0                          no pie
/usr/bin/gcc-ar                             PIE
/usr/bin/gcc-nm                             PIE
/usr/bin/gcc-ranlib                         PIE
/usr/bin/gccgo                              no pie
/usr/bin/x86_64-pc-linux-gnu-gcc            PIE
/usr/bin/x86_64-pc-linux-gnu-gcc-6.4.0      no pie
/usr/bin/x86_64-pc-linux-gnu-gcc-7.2.0      no pie
/usr/bin/x86_64-pc-linux-gnu-gcc-ar         PIE
/usr/bin/x86_64-pc-linux-gnu-gcc-nm         PIE
/usr/bin/x86_64-pc-linux-gnu-gcc-ranlib     PIE
/usr/bin/x86_64-pc-linux-gnu-gccgo          no pie
/usr/bin/g++                                PIE
/usr/bin/g++-6.4.0                          no pie
/usr/bin/g++-7.2.0                          no pie
/usr/bin/x86_64-pc-linux-gnu-g++            PIE
/usr/bin/x86_64-pc-linux-gnu-g++-6.4.0      no pie
/usr/bin/x86_64-pc-linux-gnu-g++-7.2.0      no pie

[the 2>/dev/null filters out the "not an executable" stuff]

I see a pattern there ;) I've rebuilt 7.2.0 after the profile change
and the "pie" useflag was set. I guess gcc/g++ does some magic
internal (assembler?) stuff while compiling that makes it unsuitable
to be compiled as a PI Executable.

I eselected 7.2.0, as I'm recompiling @world anyways ;) Let's see how
that'll work out. Currently I'm at 353/710 of an '--emptytree
@system'... I think I'll recompile the rest (of @world |¯| @system) as
I go along during regular updates, @world would've been something like
939 IIRC, but probably all the biggies. Oh, and I explicitly excluded
icedtea for now. Or I'll "check-pie"/"checksec" and follow that.

HTH,
-dnh

[1] see a thread or two previous to this

-- 
A wognature is not sigged, but wogged.
                              [Axel Woelke in dag°, 31.3.2000]
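The kind of per-file PIE check discussed in this message, as an added example that is not the poster's check-pie script (its contents are not shown here) and not checksec's own code. It assumes a checksec-style heuristic: an ET_EXEC image is "no pie", and an ET_DYN image counts as "PIE" when its dynamic section carries DT_DEBUG or DF_1_PIE, otherwise it is a shared object; only ELF64 little-endian is handled, and the function names and sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2
DT_NULL, DT_DEBUG, DT_FLAGS_1, DF_1_PIE = 0, 21, 0x6FFFFFFB, 0x08000000

def classify_pie(data: bytes) -> str:
    """Return 'PIE', 'no pie', 'DSO' or 'not an executable' for an ELF64 LSB image."""
    try:
        if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
            return "not an executable"   # only ELF64 little-endian is handled here
        e_type, = struct.unpack_from("<H", data, 16)
        e_phoff, = struct.unpack_from("<Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
        if e_type == ET_EXEC:
            return "no pie"              # linked for a fixed load address
        if e_type != ET_DYN:
            return "not an executable"   # relocatable object, core file, ...
        for i in range(e_phnum):
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
                "<IIQQQQ", data, e_phoff + i * e_phentsize)
            if p_type != PT_DYNAMIC:
                continue
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, pos)
                if tag == DT_NULL:
                    break
                if tag == DT_DEBUG or (tag == DT_FLAGS_1 and val & DF_1_PIE):
                    return "PIE"         # ET_DYN that is meant to be executed
        return "DSO"                     # ET_DYN without those tags: shared library
    except struct.error:
        return "not an executable"       # truncated or malformed headers

def make_elf(e_type: int, dyn_tags=()) -> bytes:
    """Constructed sample input: minimal ELF64 header + one PT_DYNAMIC segment."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    samples = {"exec": make_elf(ET_EXEC), "pie": make_elf(ET_DYN, [(DT_DEBUG, 0)]),
               "lib": make_elf(ET_DYN), "script": b"#!/bin/sh\n"}
    for name, blob in samples.items():
        print(f"{name:8} {classify_pie(blob)}")
```

To check real files, pass the bytes of each binary (for example `open(path, "rb").read()`) to `classify_pie`.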