This bug was created as a clone of Bug #620058 which has more context.

https://dxr.mozilla.org/mozilla-central/source/build/autoconf/compiler-opts.m4#271 is the exact place that needs changing -- unless I've missed something this should be straightforward.

Comment on attachment 8863468 [details] Bug 1360300 -- Support enabling PIE when using clang. https://reviewboard.mozilla.org/r/135254/#review138152 ::: build/autoconf/compiler-opts.m4:267 (Diff revision 1) > MOZ_ARG_ENABLE_BOOL(pie, > [ --enable-pie Enable Position Independent Executables], > MOZ_PIE=1, > MOZ_PIE= ) > > -if test "$GNU_CC" -a -n "$MOZ_PIE"; then > +if test "$GNU_CC$CLANG_CC" -a -n "$MOZ_PIE"; then Not sure if this will affect clang-cl, but thought I'd mention it...

For future reference, here's how I verified that clang on Linux didn't have |-pie| by default: root@7cc00b38b604:/# cat t.c int main() {} root@7cc00b38b604:/# clang t.c root@7cc00b38b604:/# ./hardening-check a.out a.out: Position Independent Executable: no, normal executable! Stack protected: no, not found! Stack protected: no, not found! Fortify Source functions: no, not found! Read-only relocations: yes Immediate binding: no, not found! root@7cc00b38b604:/# clang -pie t.c root@7cc00b38b604:/# ./hardening-check a.out a.out: Position Independent Executable: yes Stack protected: no, not found! Stack protected: no, not found! Fortify Source functions: no, not found! Read-only relocations: yes Immediate binding: no, not found! root@7cc00b38b604:/# clang --version clang version 3.8.1-23 (tags/RELEASE_381/final) Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/bin (This is using a Debian stretch docker container, do not be alarmed by root :-))

Comment on attachment 8863468 [details] Bug 1360300 -- Support enabling PIE when using clang. https://reviewboard.mozilla.org/r/135254/#review138152 > Not sure if this will affect clang-cl, but thought I'd mention it... https://clang.llvm.org/docs/UsersManual.html#clang-cl doesn't list it; all the flags listed are MSVC syle `/flag`. It didn't support `-fstack-protector-strong` so it makes sense to me that it's not supported here either.

Comment on attachment 8863468 [details] Bug 1360300 -- Support enabling PIE when using clang. https://reviewboard.mozilla.org/r/135254/#review138158

(In reply to Alex Gaynor [:Alex_Gaynor] from comment #4) > For future reference, here's how I verified that clang on Linux didn't have > |-pie| by default: By the way, on macOS this can be checked by $ otool -hv </path/to/executable> $ otool -hv /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin Mach header magic cputype cpusubtype caps filetype ncmds sizeofcmds flags MH_MAGIC_64 X86_64 ALL LIB64 EXECUTE 23 2272 NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK PIE

Comment on attachment 8863468 [details] Bug 1360300 -- Support enabling PIE when using clang. https://reviewboard.mozilla.org/r/135254/#review138172 ::: commit-message-57b37:9 (Diff revisions 1 - 2) > comment isn't relevant. > > While PIE is enabled by default on macOS, this isn't true of clang on Linux. > --enable-pie can now be used with clang on Linux. > > +r=froydnj FWIW, if you write your commit message title as: "Bug 1360300 - Support enabling PIE when using clang; r?froydnj" mozreview will take care of flagging the correct reviewer when you push and updating the commit with the correct reviewer when it's landed, which will save you some steps.

Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/6087ce1bca59 Support enabling PIE when using clang. r=froydnj