diff options
| author | Marek Polacek <polacek@redhat.com> | 2022-11-22 20:46:46 -0500 |
|---|---|---|
| committer | Marek Polacek <polacek@redhat.com> | 2022-11-22 20:47:49 -0500 |
| commit | 258d7149f92f19380c9f7763618d62408c064e60 (patch) | |
| tree | 9549da576a7db4013d5352370daa4d3ab39269f4 /c++tools | |
| parent | 251c72a68af3a8b0638705b73ef120ffdf0053eb (diff) | |
| download | gcc-258d7149f92f19380c9f7763618d62408c064e60.zip gcc-258d7149f92f19380c9f7763618d62408c064e60.tar.gz gcc-258d7149f92f19380c9f7763618d62408c064e60.tar.bz2 | |
configure: Implement --enable-host-bind-now
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening. BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.
This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.
c++tools/ChangeLog:
* configure.ac (--enable-host-bind-now): New check.
* configure: Regenerate.
gcc/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Add
-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-bind-now.
lto-plugin/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Link with
-z,now.
* configure: Regenerate.
Diffstat (limited to 'c++tools')
| -rwxr-xr-x | c++tools/configure | 11 | ||||
| -rw-r--r-- | c++tools/configure.ac | 7 |
2 files changed, 18 insertions, 0 deletions
diff --git a/c++tools/configure b/c++tools/configure index 8808700..006efe07 100755 --- a/c++tools/configure +++ b/c++tools/configure @@ -628,6 +628,7 @@ EGREP GREP CXXCPP LD_PICFLAG +enable_host_bind_now PICFLAG MAINTAINER CXX_AUX_TOOLS @@ -702,6 +703,7 @@ enable_maintainer_mode enable_checking enable_default_pie enable_host_pie +enable_host_bind_now with_gcc_major_version_only ' ac_precious_vars='build_alias @@ -1336,6 +1338,7 @@ Optional Features: yes,no,all,none,release. --enable-default-pie enable Position Independent Executable as default --enable-host-pie build host code as PIE + --enable-host-bind-now link host code as BIND_NOW Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3007,6 +3010,14 @@ fi +# Enable --enable-host-bind-now +# Check whether --enable-host-bind-now was given. +if test "${enable_host_bind_now+set}" = set; then : + enableval=$enable_host_bind_now; LD_PICFLAG="$LD_PICFLAG -Wl,-z,now" +fi + + + # Check if O_CLOEXEC is defined by fcntl diff --git a/c++tools/configure.ac b/c++tools/configure.ac index 1e42689..d3f23f6 100644 --- a/c++tools/configure.ac +++ b/c++tools/configure.ac @@ -110,6 +110,13 @@ AC_ARG_ENABLE(host-pie, [build host code as PIE])], [PICFLAG=-fPIE; LD_PICFLAG=-pie], []) AC_SUBST(PICFLAG) + +# Enable --enable-host-bind-now +AC_ARG_ENABLE(host-bind-now, +[AS_HELP_STRING([--enable-host-bind-now], + [link host code as BIND_NOW])], +[LD_PICFLAG="$LD_PICFLAG -Wl,-z,now"], []) +AC_SUBST(enable_host_bind_now) AC_SUBST(LD_PICFLAG) # Check if O_CLOEXEC is defined by fcntl |