search

GwenNelson / distcc

Automatically exported from code.google.com/p/distcc
GNU General Public License v2.0
0 stars 0 forks source link

Pass -D__KERNEL__ over the wire #25

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
[This is not a bug report!]

In my hardened linux distribution (that uses a hardened toolchain) there 
is an error if I compile the kernel! Because of the SSP and PIE flags that 
are enabled by default and can be overwritten by -nopie and -nossp they 
are also enabled when I compile the linux kernel.

But there is one special case; that is -D__KERNEL__ that is defined on the 
kernel compile and lets gcc now NOT to use -fPIC and so on.

In strip.c of distcc you can find code that strips any -Ds (which is 
generally right and good because they are normally only used by the 
preprocessor).

Whould it please be possible to add an extra exception that passed -
D__KERNEL__ "through the wire"?! Is it "safe"?

Thanks in advance
Michael

Original issue reported on code.google.com by m.s.tremer@gmail.com on 23 Oct 2008 at 5:43

GoogleCodeExporter commented 9 years ago 
Let me see if I understand... you have a special "hardened" gcc toolchain, and 
you're using it to compile the 
Linux kernel.  Your special toolchain has some patches to make gcc use SSP and 
PIE by default, unless the "-
D__KERNEL__" option is given.  Is that right?

If so, that seems to me like an abuse of the -D option.  It would be better for 
you to remove the patch from 
gcc where it makes -D__KERNEL__ imply -nossp -nopie, and to instead patch the 
Linux kernel build system 
(Makefiles, etc.) so that it passes "-D__KERNEL__ -nossp -nopie" rather than 
"-D__KERNEL__".  While it would 
be possible to patch distcc to work around this, that doesn't seem like the 
best place to fix it.

Original comment by fergus.h...@gmail.com on 26 Oct 2008 at 7:07

GoogleCodeExporter commented 9 years ago 
You did understand everything right, yeah!

But after your statement I think that your way would be the better way. I had a 
closer look to the patches (http://git.ipfire.org/?
p=patches.git;a=tree;f=gcc;h=23ad0e6226cfc8a80419e69d2ef8fc9d6fccfbbd;hb=HEAD) 
and 
it would not be much to do to append -nopie to the gcc command line.

I thougt it would be interesting for some other hardened distributions (like 
gentoo 
hardened) to have that feature in distcc. That was my intention to ask here :D

Thanks for reply...
If it won't work, I will get back to you :D

Original comment by m.s.tremer@gmail.com on 26 Oct 2008 at 9:39

GoogleCodeExporter commented 9 years ago 
Closing this issue with no changes to distcc; as discussed, Linux kernel build 
system is a better place to make 
the change.  (Feel free to reopen if you disagree.)

Original comment by fergus.h...@gmail.com on 27 Oct 2008 at 2:22