Move PIE executable checks to m4/pie.m4
This commit is contained in:
Todd C. Miller
1
MANIFEST
1
MANIFEST
@@ -431,6 +431,7 @@ m4/ltoptions.m4
|
||||
m4/ltsugar.m4
|
||||
m4/ltversion.m4
|
||||
m4/lt~obsolete.m4
|
||||
m4/pie.m4
|
||||
m4/python.m4
|
||||
m4/runlog.m4
|
||||
m4/sanitizer.m4
|
||||
|
||||
1
aclocal.m4
vendored
1
aclocal.m4
vendored
@@ -24,6 +24,7 @@ m4_include([m4/ltoptions.m4])
|
||||
m4_include([m4/ltsugar.m4])
|
||||
m4_include([m4/ltversion.m4])
|
||||
m4_include([m4/lt~obsolete.m4])
|
||||
m4_include([m4/pie.m4])
|
||||
m4_include([m4/python.m4])
|
||||
m4_include([m4/runlog.m4])
|
||||
m4_include([m4/sanitizer.m4])
|
||||
|
||||
15
configure
vendored
15
configure
vendored
@@ -31602,8 +31602,9 @@ fi
|
||||
;;
|
||||
esac
|
||||
|
||||
if test -n "$GCC"; then
|
||||
if test -z "$enable_pie"; then
|
||||
|
||||
if test -n "$GCC"; then
|
||||
if test X"$enable_pie" = X""; then
|
||||
case "$host_os" in
|
||||
linux*)
|
||||
# Attempt to build with PIE support
|
||||
@@ -31611,7 +31612,7 @@ if test -n "$GCC"; then
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
if test -n "$enable_pie"; then
|
||||
if test X"$enable_pie" != X""; then
|
||||
if test "$enable_pie" = "no"; then
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5
|
||||
printf %s "checking whether C compiler accepts -fno-pie... " >&6; }
|
||||
@@ -31839,8 +31840,8 @@ fi
|
||||
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if test "$enable_pie" != "yes"; then
|
||||
fi
|
||||
if test X"$enable_pie" != X"yes"; then
|
||||
# Solaris 11.1 and higher supports tagging binaries to use ASLR
|
||||
case "$host_os" in
|
||||
solaris2.1[1-9]|solaris2.[2-9][0-9])
|
||||
@@ -31881,6 +31882,7 @@ printf "%s\n" "$ax_cv_check_ldflags___Wl__z_aslr" >&6; }
|
||||
if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes
|
||||
then :
|
||||
|
||||
|
||||
if test ${PIE_LDFLAGS+y}
|
||||
then :
|
||||
|
||||
@@ -31914,6 +31916,7 @@ else case e in #(
|
||||
esac
|
||||
fi
|
||||
|
||||
|
||||
else case e in #(
|
||||
e) : ;;
|
||||
esac
|
||||
@@ -31921,7 +31924,7 @@ fi
|
||||
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if test -n "$GCC"; then
|
||||
|
||||
52
configure.ac
52
configure.ac
@@ -4568,57 +4568,7 @@ case "$OS" in
|
||||
;;
|
||||
esac
|
||||
|
||||
dnl
|
||||
dnl Check for PIE executable support if using gcc.
|
||||
dnl This test relies on AC_LANG_WERROR
|
||||
dnl
|
||||
if test -n "$GCC"; then
|
||||
if test -z "$enable_pie"; then
|
||||
case "$host_os" in
|
||||
linux*)
|
||||
# Attempt to build with PIE support
|
||||
enable_pie="maybe"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
if test -n "$enable_pie"; then
|
||||
if test "$enable_pie" = "no"; then
|
||||
AX_CHECK_COMPILE_FLAG([-fno-pie], [
|
||||
_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -fno-pie"
|
||||
AX_CHECK_LINK_FLAG([-nopie], [
|
||||
PIE_CFLAGS="-fno-pie"
|
||||
PIE_LDFLAGS="-nopie"
|
||||
])
|
||||
CFLAGS="$_CFLAGS"
|
||||
])
|
||||
else
|
||||
AX_CHECK_COMPILE_FLAG([-fPIE], [
|
||||
_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -fPIE"
|
||||
AX_CHECK_LINK_FLAG([-pie], [
|
||||
if test "$enable_pie" = "maybe"; then
|
||||
SUDO_WORKING_PIE([enable_pie=yes], [])
|
||||
fi
|
||||
if test "$enable_pie" = "yes"; then
|
||||
PIE_CFLAGS="-fPIE"
|
||||
PIE_LDFLAGS="-Wc,-fPIE -pie"
|
||||
fi
|
||||
])
|
||||
CFLAGS="$_CFLAGS"
|
||||
])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if test "$enable_pie" != "yes"; then
|
||||
# Solaris 11.1 and higher supports tagging binaries to use ASLR
|
||||
case "$host_os" in
|
||||
solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
|
||||
AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [AX_APPEND_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS])])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
SUDO_CHECK_PIE_SUPPORT
|
||||
SUDO_SYMBOL_VISIBILITY
|
||||
SUDO_CHECK_SANITIZER
|
||||
SUDO_CHECK_HARDENING
|
||||
|
||||
54
m4/pie.m4
Normal file
54
m4/pie.m4
Normal file
@@ -0,0 +1,54 @@
|
||||
AC_DEFUN([SUDO_CHECK_PIE_SUPPORT], [
|
||||
dnl
|
||||
dnl Check for PIE executable support if using gcc.
|
||||
dnl This test relies on AC_LANG_WERROR
|
||||
dnl
|
||||
if test -n "$GCC"; then
|
||||
if test X"$enable_pie" = X""; then
|
||||
case "$host_os" in
|
||||
linux*)
|
||||
# Attempt to build with PIE support
|
||||
enable_pie="maybe"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
if test X"$enable_pie" != X""; then
|
||||
if test "$enable_pie" = "no"; then
|
||||
AX_CHECK_COMPILE_FLAG([-fno-pie], [
|
||||
_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -fno-pie"
|
||||
AX_CHECK_LINK_FLAG([-nopie], [
|
||||
PIE_CFLAGS="-fno-pie"
|
||||
PIE_LDFLAGS="-nopie"
|
||||
])
|
||||
CFLAGS="$_CFLAGS"
|
||||
])
|
||||
else
|
||||
AX_CHECK_COMPILE_FLAG([-fPIE], [
|
||||
_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -fPIE"
|
||||
AX_CHECK_LINK_FLAG([-pie], [
|
||||
if test "$enable_pie" = "maybe"; then
|
||||
SUDO_WORKING_PIE([enable_pie=yes], [])
|
||||
fi
|
||||
if test "$enable_pie" = "yes"; then
|
||||
PIE_CFLAGS="-fPIE"
|
||||
PIE_LDFLAGS="-Wc,-fPIE -pie"
|
||||
fi
|
||||
])
|
||||
CFLAGS="$_CFLAGS"
|
||||
])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if test X"$enable_pie" != X"yes"; then
|
||||
# Solaris 11.1 and higher supports tagging binaries to use ASLR
|
||||
case "$host_os" in
|
||||
solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
|
||||
AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [
|
||||
AX_APPEND_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS])
|
||||
])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
])
|
||||
Reference in New Issue
Block a user