From 03baef1c9cfb396d76cae20a00aee657871e79c4 Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Mon, 26 Dec 2016 10:08:18 +0100 Subject: Configure support for --enable-stack-protector [BZ #7065] This adds =all and =strong, with obvious semantics, defaulting to off. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value appropriate for the stack-protection level in use for each file in particular. --- INSTALL | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index acb622a..104f36b 100644 --- a/INSTALL +++ b/INSTALL @@ -135,6 +135,17 @@ will be used, and CFLAGS sets optimization options for the compiler. '--enable-lock-elision=yes' Enable lock elision for pthread mutexes by default. +'--enable-stack-protector' +'--enable-stack-protector=strong' +'--enable-stack-protector=all' + Compile the C library and all other parts of the glibc package + (including the threading and math libraries, NSS modules, and + transliteration modules) using the GCC '-fstack-protector', + '-fstack-protector-strong' or '-fstack-protector-all' options to + detect stack overruns. Only the dynamic linker and a small number + of routines called directly from assembler are excluded from this + protection. + '--enable-pt_chown' The file 'pt_chown' is a helper binary for 'grantpt' (*note Pseudo-Terminals: Allocation.) that is installed setuid root to fix -- cgit v1.1