configure: Implement --enable-host-pie

This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. Co-Authored by: Iain Sandoe <iain@sandoe.co.uk> * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. intl/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. libdecnumber/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. zlib/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check.
2025-11-16 12:34:43 +00:00 · 2023-08-07 13:07:12 +02:00
parent 947edb094e
commit 60b42421e9
4 changed files with 97 additions and 7 deletions
--- a/libdecnumber/configure.ac
+++ b/libdecnumber/configure.ac
@@ -99,8 +99,23 @@ AC_C_BIGENDIAN
 # Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
 AC_SUBST(PICFLAG)

 # Output.