aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2017-12-19 13:51:01 -0800
committerH.J. Lu <hjl.tools@gmail.com>2017-12-19 13:51:16 -0800
commit126adc89d8a32193df075ce665e76ad95ebd0557 (patch)
tree2016db69e9f2221fb0a4f3b40651d2b819df069f
parent648615e13f8d7b638cb911926b8bb70804217f15 (diff)
downloadglibc-126adc89d8a32193df075ce665e76ad95ebd0557.zip
glibc-126adc89d8a32193df075ce665e76ad95ebd0557.tar.gz
glibc-126adc89d8a32193df075ce665e76ad95ebd0557.tar.bz2
Document that --enable-static-pie implies PIE
To build static PIE, all .o files are compiled with -fPIE. Since --enable-static-pie is designed to provide additional security hardening benefits, it also implies that glibc programs and tests are created as dynamic position independent executables (PIE) by default for better security hardening. Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> * manual/install.texi: Document that --enable-static-pie implies PIE. * INSTALL: Regenerated.
-rw-r--r--ChangeLog6
-rw-r--r--INSTALL4
-rw-r--r--manual/install.texi3
3 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index d194a73..9d567b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-12-19 H.J. Lu <hongjiu.lu@intel.com>
+
+ * manual/install.texi: Document that --enable-static-pie
+ implies PIE.
+ * INSTALL: Regenerated.
+
2017-12-19 Bernd Edlinger <bernd.edlinger@hotmail.de>
[BZ #21309]
diff --git a/INSTALL b/INSTALL
index 9a1404b..42508e6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -93,7 +93,9 @@ will be used, and CFLAGS sets optimization options for the compiler.
programs as well as static tests are built as static PIE, except
for those marked with no-pie. The resulting glibc can be used with
the GCC option, -static-pie, which is available with GCC 8 or
- above, to create static PIE.
+ above, to create static PIE. This option also implies that glibc
+ programs and tests are created as dynamic position independent
+ executables (PIE) by default.
'--disable-profile'
Don't build libraries with profiling information. You may want to
diff --git a/manual/install.texi b/manual/install.texi
index fb956b5..50e6c35 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -123,7 +123,8 @@ address without help from a dynamic linker. All static programs as
well as static tests are built as static PIE, except for those marked
with no-pie. The resulting glibc can be used with the GCC option,
-static-pie, which is available with GCC 8 or above, to create static
-PIE.
+PIE. This option also implies that glibc programs and tests are created
+as dynamic position independent executables (PIE) by default.
@item --disable-profile
Don't build libraries with profiling information. You may want to use