<html dir="ltr"><head></head><body style="text-align:left; direction:ltr;"><div>On Tue, 2022-01-25 at 09:33 +0100, Abou Al Montacir wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><br></div><div>Personally, I'd prefer robustness against performance, but have no clue what kind of attacks we may encounter if lacking hardening.</div></blockquote><div><br></div><div>Just to be clear here, hardening is unavailable on PPC64el but works fine on Intel and Arm platforms, most other as well but no personal knowledge there.</div><div><br></div><div>So, hardening, being a Debian preferred model can, and perhaps should be applied to <b>all</b> the binaries in FPC and Lazarus if thats how you feel about it. It would be a patch applied to either the makefile or one scr file per binary, depending on the type of binary. Those that are already dynamicly linked, just need a couple of extra switches applied to their respective entry in the makefile, I believe that happens already for some, more significent fpc binaries.</div><div><br></div><div>A special case is where the binary is only statically linked because its a small, single function thing that does not need to be linked externally. There are a handful of such binaries in FPC. In their case, they need the src patched to add eg {$linklib c}, that forces an otherwise unnecessary link to the C libs and therefore dynamic linking, then just add the -Cg -k-pie -k-znow</div><div><br></div><div>Or, somewhat messier, I found you can explicitly name the loader on the linker line</div><div><br></div><div>fpc -Cg -k-pie -k-znow -k"--dynamic-linker /lib64/ld-linux-x86-64.so.2" test.pas</div><div><br></div><div><br></div><div><br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>I don't have time, for now, to query this, and taking into accounts remarks and questions above, I would say let's keep this as is?</div><div>No override, live with it until we get a clear decision on whether we should do it or not.</div></blockquote><div><br></div><div><div>I certainly agree its not a case for an override, if its wrong, it needs to be flagged wrong. We can choose a temporary patch based fix or leave them unhardened, for now, flagged as such.</div><div><br></div><div>Davo</div></div></body></html>