[Development] -reduce-relocations vs hardening

Thiago Macieira thiago.macieira at intel.com
Thu Aug 20 23:08:40 CEST 2015

On Thursday 20 August 2015 22:16:15 Kevin Kofler wrote:
> Lisandro Damián Nicanor Pérez Meyer wrote:
> > Hi! yesterday I received a [bug] report asking Qt to not requiring apps
> > using it to pass -fPIC (actually to let the app use -fPIE) due to
> > hardening reasons.
> -fPIC actually allows the same hardening as -fPIE. PIE is basically the
> subset of PIC required for hardening.


-fPIE is -fPIC but with some extra optimisations that assume that the code 
being generated is the first one to ever be loaded into memory. That means it 
knows none of its symbols may be interposed (including ones it copy-relocated) 
and that thread-specific variables may use the initial-exec and local-exec TLS 

The problem isn't "preventing hardening". The problem is the hardening adding 
-fPIE to code that otherwise was already using -fPIC. Just leave it at -fPIC.

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center

More information about the Development mailing list