isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add "-z now" to hardened link options if supported.

Browse Source 
Can be disabled via --disable-hardening.
This commit is contained in:
Todd C. Miller
2021-09-29 13:31:47 -06:00
parent d15e117c2e
commit edf30c7273
2 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
configure vendored
View File

@@ -31043,6 +31043,77 @@ else $as_nop
fi
else $as_nop
:
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,now" >&5
printf %s "checking whether the linker accepts -Wl,-z,now... " >&6; }
if test ${ax_cv_check_ldflags___Wl__z_now+y}
then :
printf %s "(cached) " >&6
else $as_nop
ax_check_save_flags=$LDFLAGS
LDFLAGS="$LDFLAGS -Wl,-z,now"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main (void)
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
ax_cv_check_ldflags___Wl__z_now=yes
else $as_nop
ax_cv_check_ldflags___Wl__z_now=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$ax_check_save_flags
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_now" >&5
printf "%s\n" "$ax_cv_check_ldflags___Wl__z_now" >&6; }
if test x"$ax_cv_check_ldflags___Wl__z_now" = xyes
then :
if test ${LDFLAGS+y}
then :
case " $LDFLAGS " in #(
*" -Wl,-z,now "*) :
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-z,now"; } >&5
(: LDFLAGS already contains -Wl,-z,now) 2>&5
ac_status=$?
printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } ;; #(
*) :
as_fn_append LDFLAGS " -Wl,-z,now"
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5
(: LDFLAGS="$LDFLAGS") 2>&5
ac_status=$?
printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
;;
esac
else $as_nop
LDFLAGS=-Wl,-z,now
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5
(: LDFLAGS="$LDFLAGS") 2>&5
ac_status=$?
printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
fi
else $as_nop
:
fi

1
configure.ac
View File

@@ -4708,6 +4708,7 @@ if test "$enable_hardening" != "no"; then
AX_APPEND_FLAG([-Wc,-fstack-clash-protection], [SSP_LDFLAGS])
])
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [AX_APPEND_FLAG([-Wl,-z,relro], [LDFLAGS])])
AX_CHECK_LINK_FLAG([-Wl,-z,now], [AX_APPEND_FLAG([-Wl,-z,now], [LDFLAGS])])
AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [AX_APPEND_FLAG([-Wl,-z,noexecstack], [LDFLAGS])])
fi