forked from Imagelibrary/binutils-gdb
configure: Implement --enable-host-pie
This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. Co-Authored by: Iain Sandoe <iain@sandoe.co.uk> * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. intl/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. libdecnumber/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. zlib/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check.
This commit is contained in:
Marek Polacek
committed by
Alan Modra
Alan Modra
parent
947edb094e
commit
60b42421e9
43
configure.ac
43
configure.ac
@@ -1987,6 +1987,28 @@ AC_ARG_ENABLE(linker-plugin-flags,
|
||||
extra_linker_plugin_flags=)
|
||||
AC_SUBST(extra_linker_plugin_flags)
|
||||
|
||||
# Enable --enable-host-pie.
|
||||
# Checked early to determine whether jit is an 'all' language
|
||||
AC_ARG_ENABLE(host-pie,
|
||||
[AS_HELP_STRING([--enable-host-pie],
|
||||
[build position independent host executables])],
|
||||
[host_pie=$enableval
|
||||
case $host in
|
||||
x86_64-*-darwin* | aarch64-*-darwin*)
|
||||
if test x$host_pie != xyes ; then
|
||||
# PIC is the default, and actually cannot be switched off.
|
||||
echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
|
||||
host_pie=yes
|
||||
fi ;;
|
||||
*) ;;
|
||||
esac],
|
||||
[case $host in
|
||||
*-*-darwin2*) host_pie=yes ;;
|
||||
*) host_pie=no ;;
|
||||
esac])
|
||||
|
||||
AC_SUBST(host_pie)
|
||||
|
||||
# Enable --enable-host-shared.
|
||||
# Checked early to determine whether jit is an 'all' language
|
||||
AC_ARG_ENABLE(host-shared,
|
||||
@@ -2000,20 +2022,37 @@ AC_ARG_ENABLE(host-shared,
|
||||
echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
|
||||
host_shared=yes
|
||||
fi ;;
|
||||
*-*-darwin*)
|
||||
if test x$host_pie == xyes ; then
|
||||
echo configure.ac: warning: PIC code is required for PIE executables. 1>&2
|
||||
host_shared=yes
|
||||
fi ;;
|
||||
*) ;;
|
||||
esac],
|
||||
[case $host in
|
||||
x86_64-*-darwin* | aarch64-*-darwin*) host_shared=yes ;;
|
||||
*) host_shared=no ;;
|
||||
# Darwin needs PIC objects to link PIE executables.
|
||||
*-*-darwin*) host_shared=host_pie ;;
|
||||
*) host_shared=no;;
|
||||
esac])
|
||||
|
||||
AC_SUBST(host_shared)
|
||||
|
||||
if test x$host_shared = xyes; then
|
||||
PICFLAG=-fPIC
|
||||
elif test x$host_pie = xyes; then
|
||||
PICFLAG=-fPIE
|
||||
else
|
||||
PICFLAG=
|
||||
fi
|
||||
|
||||
AC_SUBST(PICFLAG)
|
||||
|
||||
# If we are building PIC/PIE host executables, and we are building dependent
|
||||
# libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
|
||||
# code.
|
||||
host_libs_picflag=
|
||||
if test "$host_shared" = "yes";then
|
||||
if test "$host_shared" = "yes" -o "$host_pie" = "yes"; then
|
||||
host_libs_picflag='--with-pic'
|
||||
fi
|
||||
AC_SUBST(host_libs_picflag)
|
||||
|
||||
Reference in New Issue
Block a user