Reset the LDFLAGS and building helper executables
Laurent Bigonville
bigon at debian.org
Mon Jun 27 20:08:20 UTC 2016
Hello,
When enabling the hardening flags on debian (adding bindnow and PIE) I
get the following message:
gcc -DHAVE_CONFIG_H -I. -I../../../lib -I.. -I. -I../../..
-I../../../auparse '-DTABLE_H="actiontab.h"' -g -O2 -c -o
gen_actiontabs_h-gen_tables.o `test -f 'gen_tables.c' || echo
'../../../lib/'`gen_tables.c
/bin/bash ../libtool --tag=CC --mode=link gcc
'-DTABLE_H="actiontab.h"' -g -O2 -fPIE -pie -Wl,-z,relro -Wl,-z,now
-Wl,--as-needed -o gen_actiontabs_h gen_actiontabs_h-gen_tables.o
libtool: link: gcc -DTABLE_H=\"actiontab.h\" -g -O2 -fPIE -pie -Wl,-z
-Wl,relro -Wl,-z -Wl,now -Wl,--as-needed -o gen_actiontabs_h
gen_actiontabs_h-gen_tables.o
/usr/bin/ld: gen_actiontabs_h-gen_tables.o: relocation R_X86_64_32
against `.rodata.str1.1' can not be used when making a shared object;
recompile with -fPIC
gen_actiontabs_h-gen_tables.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
Looking that build system, it seems that CFLAGS and CPPFLAGS for these
executables are overriden in lib/Makefile.am and auparse/Makefile.am
(with CFLAGS_FOR_BUILD and CPPFLAGS_FOR_BUILD) but the LDFLAGS are left
untouched.
Shouldn't the LDFLAGS also be reset when building these executables?
Regards,
Laurent Bigonville
More information about the Linux-audit
mailing list