diff options
| author | Marek Polacek <polacek@redhat.com> | 2023-08-07 13:07:12 +0200 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-08-12 09:58:23 +0930 |
| commit | 60b42421e900f9bb186c306a657f41b88e422bcd (patch) | |
| tree | 129840da06f088a9758bcb3b903fb476bdd5323c | |
| parent | 947edb094ece682e6642c497a871749e8c12d5a5 (diff) | |
| download | gdb-60b42421e900f9bb186c306a657f41b88e422bcd.zip gdb-60b42421e900f9bb186c306a657f41b88e422bcd.tar.gz gdb-60b42421e900f9bb186c306a657f41b88e422bcd.tar.bz2 | |
configure: Implement --enable-host-pie
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
Co-Authored by: Iain Sandoe <iain@sandoe.co.uk>
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
intl/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
libdecnumber/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
zlib/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
| -rw-r--r-- | configure.ac | 43 | ||||
| -rw-r--r-- | intl/configure.ac | 21 | ||||
| -rw-r--r-- | libdecnumber/configure.ac | 19 | ||||
| -rw-r--r-- | zlib/configure.ac | 21 |
4 files changed, 97 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac index 86d10a6..39dcf54 100644 --- a/configure.ac +++ b/configure.ac @@ -1987,6 +1987,28 @@ AC_ARG_ENABLE(linker-plugin-flags, extra_linker_plugin_flags=) AC_SUBST(extra_linker_plugin_flags) +# Enable --enable-host-pie. +# Checked early to determine whether jit is an 'all' language +AC_ARG_ENABLE(host-pie, +[AS_HELP_STRING([--enable-host-pie], + [build position independent host executables])], +[host_pie=$enableval + case $host in + x86_64-*-darwin* | aarch64-*-darwin*) + if test x$host_pie != xyes ; then + # PIC is the default, and actually cannot be switched off. + echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2 + host_pie=yes + fi ;; + *) ;; + esac], +[case $host in + *-*-darwin2*) host_pie=yes ;; + *) host_pie=no ;; + esac]) + +AC_SUBST(host_pie) + # Enable --enable-host-shared. # Checked early to determine whether jit is an 'all' language AC_ARG_ENABLE(host-shared, @@ -2000,20 +2022,37 @@ AC_ARG_ENABLE(host-shared, echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2 host_shared=yes fi ;; + *-*-darwin*) + if test x$host_pie == xyes ; then + echo configure.ac: warning: PIC code is required for PIE executables. 1>&2 + host_shared=yes + fi ;; *) ;; esac], [case $host in x86_64-*-darwin* | aarch64-*-darwin*) host_shared=yes ;; - *) host_shared=no ;; + # Darwin needs PIC objects to link PIE executables. + *-*-darwin*) host_shared=host_pie ;; + *) host_shared=no;; esac]) AC_SUBST(host_shared) +if test x$host_shared = xyes; then + PICFLAG=-fPIC +elif test x$host_pie = xyes; then + PICFLAG=-fPIE +else + PICFLAG= +fi + +AC_SUBST(PICFLAG) + # If we are building PIC/PIE host executables, and we are building dependent # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC # code. host_libs_picflag= -if test "$host_shared" = "yes";then +if test "$host_shared" = "yes" -o "$host_pie" = "yes"; then host_libs_picflag='--with-pic' fi AC_SUBST(host_libs_picflag) diff --git a/intl/configure.ac b/intl/configure.ac index 77e2fd2..a5fc45b 100644 --- a/intl/configure.ac +++ b/intl/configure.ac @@ -73,5 +73,26 @@ fi AC_SUBST(BISON3_YES) AC_SUBST(BISON3_NO) +# Enable --enable-host-shared. +AC_ARG_ENABLE(host-shared, +[AS_HELP_STRING([--enable-host-shared], + [build host code as shared libraries])]) +AC_SUBST(enable_host_shared) + +# Enable --enable-host-pie. +AC_ARG_ENABLE(host-pie, +[AS_HELP_STRING([--enable-host-pie], + [build host code as PIE])]) +AC_SUBST(enable_host_pie) + +if test x$enable_host_shared = xyes; then + PICFLAG=-fPIC +elif test x$enable_host_pie = xyes; then + PICFLAG=-fPIE +else + PICFLAG= +fi +AC_SUBST(PICFLAG) + AC_CONFIG_FILES(Makefile config.intl) AC_OUTPUT diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac index 16c7465..2e95b82 100644 --- a/libdecnumber/configure.ac +++ b/libdecnumber/configure.ac @@ -99,8 +99,23 @@ AC_C_BIGENDIAN # Enable --enable-host-shared. AC_ARG_ENABLE(host-shared, [AS_HELP_STRING([--enable-host-shared], - [build host code as shared libraries])], -[PICFLAG=-fPIC], [PICFLAG=]) + [build host code as shared libraries])]) +AC_SUBST(enable_host_shared) + +# Enable --enable-host-pie. +AC_ARG_ENABLE(host-pie, +[AS_HELP_STRING([--enable-host-pie], + [build host code as PIE])]) +AC_SUBST(enable_host_pie) + +if test x$enable_host_shared = xyes; then + PICFLAG=-fPIC +elif test x$enable_host_pie = xyes; then + PICFLAG=-fPIE +else + PICFLAG= +fi + AC_SUBST(PICFLAG) # Output. diff --git a/zlib/configure.ac b/zlib/configure.ac index ec73c21..b50b9c7 100644 --- a/zlib/configure.ac +++ b/zlib/configure.ac @@ -121,11 +121,26 @@ else multilib_arg= fi +# Enable --enable-host-shared. AC_ARG_ENABLE(host-shared, [AS_HELP_STRING([--enable-host-shared], - [build host code as shared libraries])], -[PICFLAG=-fPIC], [PICFLAG=]) -AC_SUBST(PICFLAG) + [build host code as shared libraries])]) +AC_SUBST(enable_host_shared) + +# Enable --enable-host-pie. +AC_ARG_ENABLE(host-pie, +[AS_HELP_STRING([--enable-host-pie], + [build host code as PIE])]) +AC_SUBST(enable_host_pie) + +if test x$enable_host_shared = xyes; then + PICFLAG=-fPIC +elif test x$enable_host_pie = xyes; then + PICFLAG=-fPIE +else + PICFLAG= +fi +AC_SUBST(PICFLAG) AC_CONFIG_FILES([Makefile]) AC_OUTPUT |