
Patch from Peter S. Mazinger:
Add UCLIBC_BUILD_NOEXECSTACK support.

Eric Andersen 19 years ago
parent
commit
f8e6aa06ff
3 changed files with 30 additions and 5 deletions
  1. 6 2
      Rules.mak
  2. 21 3
      extra/Configs/Config.in
  3. 3 0
      ldso/ldso/Makefile

+ 6 - 2
Rules.mak

@@ -89,10 +89,10 @@ ARFLAGS:=r
 
 OPTIMIZATION:=
 PICFLAG:=-fPIC
+
 PIEFLAG:=$(call check_gcc,-fPIE,)
 ifeq ($(strip $(PIEFLAG)),-fPIE)
-# should add check if ld supports -pie
-LDPIEFLAG:=-Wl,-pie
+LDPIEFLAG:=$(shell $(LD) --help | grep -q pie && echo "-Wl,-pie")
 endif
 
 # Some nice CPU specific optimizations
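Review bot: The new `LDPIEFLAG` probe matches any occurrence of the substring `pie` in the linker's help output, and when it fails the variable is left empty with no diagnostic while `PIEFLAG` still holds `-fPIE`. If the two flags are consumed together elsewhere in the build, a configuration that asks for PIE could then link ordinary non-PIE executables without anyone noticing. Anchoring the match on the option itself is tighter: `LDPIEFLAG:=$(shell $(LD) --help 2>/dev/null | grep -q -- '-pie' && echo "-Wl,-pie")`. A `$(warning ...)` when the result is empty would make the downgrade visible in the build log.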
@@ -286,6 +286,10 @@ ifeq ($(DOPIC),y)
 endif
 
 ASFLAGS = $(CFLAGS)
+ifeq ($(UCLIBC_BUILD_NOEXECSTACK),y)
+check_as_noexecstack=$(shell if $(LD) --help | grep -q "z noexecstack"; then echo "-Wa,--noexecstack"; fi)
+ASFLAGS += $(check_as_noexecstack)
+endif
 
 LIBGCC_CFLAGS ?= $(CFLAGS) $(CPU_CFLAGS-y)
 LIBGCC:=$(shell $(CC) $(LIBGCC_CFLAGS) -print-libgcc-file-name)
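Review bot: `check_as_noexecstack` asks the linker whether it knows `-z noexecstack` but then emits the assembler option `-Wa,--noexecstack`, so the probe does not test the tool that receives the flag. With a mismatched toolchain this either breaks assembly or silently drops the marking even though `UCLIBC_BUILD_NOEXECSTACK=y` is set. Probing the assembler would close the gap, for example `check_as_noexecstack:=$(shell $(AS) --help 2>/dev/null | grep -q -- '--noexecstack' && echo "-Wa,--noexecstack")`, assuming `$(AS)` names the target assembler here. The `:=` also matters because `ASFLAGS` is recursively expanded, so the current `=` form re-runs the shell on every use. The ldso/ldso/Makefile hunk expands the same variable after resetting `ASFLAGS` and inherits both problems.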

+ 21 - 3
extra/Configs/Config.in

@@ -1089,12 +1089,17 @@ endmenu
 
 menu "uClibc security related options"
 
+config UCLIBC_SECURITY
+	bool "Enable security options"
+	default n
+
 config UCLIBC_BUILD_PIE
 	bool "Build utilities as ET_DYN/PIE executables"
+	depends on UCLIBC_SECURITY
 	depends on HAVE_SHARED
 	depends on TARGET_i386 || TARGET_powerpc || TARGET_frv
 	select FORCE_SHAREABLE_TEXT_SEGMENTS if BUILD_UCLIBC_LDSO
-	default n
+	default y
 	help
 	  If you answer Y here, ldd and iconv are built as ET_DYN/PIE executables.
 	  It requires gcc-3.4 and binutils-2.15 or later.
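Review bot: The new `UCLIBC_SECURITY` symbol has no `help` text and defaults to `n`, yet it now gates every hardening option in this menu; the later hunks add the same `depends on UCLIBC_SECURITY` to SSP, RELRO and NOW. An existing configuration that already had one of these enabled may lose it when regenerated non-interactively, because the new gate takes its default; this is inferred from the dependency, not shown on the page. A help entry would make the switch explicit, for example `Master switch for the hardening options below (PIE, SSP, RELRO, NOW, noexecstack). Answering N disables all of them.` The `UCLIBC_BUILD_PIE` help text continues past the end of this hunk.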
@@ -1105,6 +1110,7 @@ config UCLIBC_BUILD_PIE
 
 config UCLIBC_HAS_SSP
 	bool "Support for propolice stack protection"
+	depends on UCLIBC_SECURITY
 	default n
 	help
 	  Adds propolice protection to libc (__guard and __stack_smash_handler).
@@ -1144,6 +1150,7 @@ endchoice
 
 config UCLIBC_BUILD_SSP
 	bool "Build uClibc with propolice protection"
+	depends on UCLIBC_SECURITY
 	depends on UCLIBC_HAS_SSP
 	default n
 	help
@@ -1151,18 +1158,29 @@ config UCLIBC_BUILD_SSP
 
 config UCLIBC_BUILD_RELRO
 	bool "Build uClibc with RELRO"
+	depends on UCLIBC_SECURITY
 	depends on BUILD_UCLIBC_LDSO
-	default n
+	default y
 	help
 	  Build all libraries and executables with -z relro.
 
 config UCLIBC_BUILD_NOW
 	bool "Build uClibc with NOW"
+	depends on UCLIBC_SECURITY
 	depends on BUILD_UCLIBC_LDSO
-	default n
+	default y
 	help
 	  Build all libraries and executables with -z now.
 
+config UCLIBC_BUILD_NOEXECSTACK
+	bool "Build uClibc with noexecstack marking"
+	depends on UCLIBC_SECURITY
+	default y
+	help
+	  Mark all assembler files as noexecstack. This will result in marking
+	  all libraries and executables built against uClibc not requiring
+	  executable stack.
+
 endmenu
 
 menu "uClibc development/debugging options"
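Review bot: The help text for `UCLIBC_BUILD_NOEXECSTACK` promises more than the build change delivers. The Rules.mak hunk only adds an assembler flag to `ASFLAGS`, and only when its toolchain probe succeeds, so the option marks uClibc's own assembler objects, not everything linked against the library. Whether a final binary is marked still depends on every object linked into it, so a user reading this text may assume a guarantee that is not enforced. Suggested wording: `Mark uClibc's assembler objects as not requiring an executable stack. The final marking of a library or executable still depends on every object linked into it.`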

+ 3 - 0
ldso/ldso/Makefile

@@ -23,6 +23,9 @@ LDSO_FULLNAME=ld-uClibc-$(MAJOR_VERSION).$(MINOR_VERSION).$(SUBLEVEL).so
 
 # reset to initial (disabling predefined CFLAGS)
 ASFLAGS=
+ifeq ($(UCLIBC_BUILD_NOEXECSTACK),y)
+ASFLAGS+=$(check_as_noexecstack)
+endif
 
 XXFLAGS=$(XWARNINGS) $(SSP_DISABLE_FLAGS)
 ifeq ($(DODEBUG),y)