diff options
| author | Marek Polacek <polacek@redhat.com> | 2022-11-22 20:46:46 -0500 |
|---|---|---|
| committer | Marek Polacek <polacek@redhat.com> | 2022-11-22 20:47:49 -0500 |
| commit | 258d7149f92f19380c9f7763618d62408c064e60 (patch) | |
| tree | 9549da576a7db4013d5352370daa4d3ab39269f4 /lto-plugin | |
| parent | 251c72a68af3a8b0638705b73ef120ffdf0053eb (diff) | |
| download | gcc-258d7149f92f19380c9f7763618d62408c064e60.zip gcc-258d7149f92f19380c9f7763618d62408c064e60.tar.gz gcc-258d7149f92f19380c9f7763618d62408c064e60.tar.bz2 | |
configure: Implement --enable-host-bind-now
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening. BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.
This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.
c++tools/ChangeLog:
* configure.ac (--enable-host-bind-now): New check.
* configure: Regenerate.
gcc/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Add
-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-bind-now.
lto-plugin/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Link with
-z,now.
* configure: Regenerate.
Diffstat (limited to 'lto-plugin')
| -rwxr-xr-x | lto-plugin/configure | 20 | ||||
| -rw-r--r-- | lto-plugin/configure.ac | 11 |
2 files changed, 29 insertions, 2 deletions
diff --git a/lto-plugin/configure b/lto-plugin/configure index d522bd2..3467def 100755 --- a/lto-plugin/configure +++ b/lto-plugin/configure @@ -663,6 +663,7 @@ accel_dir_suffix gcc_build_dir CET_HOST_FLAGS ac_lto_plugin_ldflags +enable_host_bind_now ac_lto_plugin_warn_cflags EGREP GREP @@ -778,6 +779,7 @@ enable_maintainer_mode with_libiberty enable_dependency_tracking enable_largefile +enable_host_bind_now enable_cet with_gcc_major_version_only enable_shared @@ -1425,6 +1427,7 @@ Optional Features: --disable-dependency-tracking speeds up one-time build --disable-largefile omit support for large files + --enable-host-bind-now link host code as BIND_NOW --enable-cet enable Intel CET in host libraries [default=auto] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] @@ -5669,6 +5672,19 @@ if test "x$have_static_libgcc" = xyes; then ac_lto_plugin_ldflags="-Wc,-static-libgcc" fi +# Enable --enable-host-bind-now +# Check whether --enable-host-bind-now was given. +if test "${enable_host_bind_now+set}" = set; then : + enableval=$enable_host_bind_now; +fi + + + +if test x$enable_host_bind_now = xyes; then + ac_lto_plugin_ldflags="$ac_lto_plugin_ldflags -Wl,-z,now" +fi + + # Check whether --enable-cet was given. if test "${enable_cet+set}" = set; then : @@ -12134,7 +12150,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12137 "configure" +#line 12165 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12240,7 +12256,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12243 "configure" +#line 12271 "configure" #include "confdefs.h" #if HAVE_DLFCN_H diff --git a/lto-plugin/configure.ac b/lto-plugin/configure.ac index 0a72027..84f2a60 100644 --- a/lto-plugin/configure.ac +++ b/lto-plugin/configure.ac @@ -25,6 +25,17 @@ LDFLAGS="$saved_LDFLAGS" if test "x$have_static_libgcc" = xyes; then ac_lto_plugin_ldflags="-Wc,-static-libgcc" fi + +# Enable --enable-host-bind-now +AC_ARG_ENABLE(host-bind-now, +[AS_HELP_STRING([--enable-host-bind-now], + [link host code as BIND_NOW])]) +AC_SUBST(enable_host_bind_now) + +if test x$enable_host_bind_now = xyes; then + ac_lto_plugin_ldflags="$ac_lto_plugin_ldflags -Wl,-z,now" +fi + AC_SUBST(ac_lto_plugin_ldflags) GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) |