about summary refs log tree commit diff
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2017-12-19 13:51:01 -0800
committerH.J. Lu <hjl.tools@gmail.com>2017-12-19 13:51:16 -0800
commit126adc89d8a32193df075ce665e76ad95ebd0557 (patch)
tree2016db69e9f2221fb0a4f3b40651d2b819df069f
parent648615e13f8d7b638cb911926b8bb70804217f15 (diff)
downloadglibc-126adc89d8a32193df075ce665e76ad95ebd0557.tar.gz
glibc-126adc89d8a32193df075ce665e76ad95ebd0557.tar.xz
glibc-126adc89d8a32193df075ce665e76ad95ebd0557.zip
Document that --enable-static-pie implies PIE
To build static PIE, all .o files are compiled with -fPIE.  Since
--enable-static-pie is designed to provide additional security hardening
benefits, it also implies that glibc programs and tests are created as
dynamic position independent executables (PIE) by default for better
security hardening.

Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>

	* manual/install.texi: Document that --enable-static-pie
	implies PIE.
	* INSTALL: Regenerated.
-rw-r--r--ChangeLog6
-rw-r--r--INSTALL4
-rw-r--r--manual/install.texi3
3 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index d194a73592..9d567b20bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-12-19  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* manual/install.texi: Document that --enable-static-pie
+	implies PIE.
+	* INSTALL: Regenerated.
+
 2017-12-19  Bernd Edlinger  <bernd.edlinger@hotmail.de>
 
 	[BZ #21309]
diff --git a/INSTALL b/INSTALL
index 9a1404bd3c..42508e69dc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -93,7 +93,9 @@ will be used, and CFLAGS sets optimization options for the compiler.
      programs as well as static tests are built as static PIE, except
      for those marked with no-pie.  The resulting glibc can be used with
      the GCC option, -static-pie, which is available with GCC 8 or
-     above, to create static PIE.
+     above, to create static PIE. This option also implies that glibc
+     programs and tests are created as dynamic position independent
+     executables (PIE) by default.
 
 '--disable-profile'
      Don't build libraries with profiling information.  You may want to
diff --git a/manual/install.texi b/manual/install.texi
index fb956b5d6a..50e6c35050 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -123,7 +123,8 @@ address without help from a dynamic linker.  All static programs as
 well as static tests are built as static PIE, except for those marked
 with no-pie.  The resulting glibc can be used with the GCC option,
 -static-pie, which is available with GCC 8 or above, to create static
-PIE.
+PIE.  This option also implies that glibc programs and tests are created
+as dynamic position independent executables (PIE) by default.
 
 @item --disable-profile
 Don't build libraries with profiling information.  You may want to use