authorMarek Polacek <polacek@redhat.com>2023-08-07 13:07:12 +0200
committerAlan Modra <amodra@gmail.com>2023-08-12 09:58:23 +0930
commit60b42421e900f9bb186c306a657f41b88e422bcd (patch)
tree129840da06f088a9758bcb3b903fb476bdd5323c /configure.ac
parent947edb094ece682e6642c497a871749e8c12d5a5 (diff)
configure: Implement --enable-host-pie
This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. Co-Authored by: Iain Sandoe <iain@sandoe.co.uk> * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. intl/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. libdecnumber/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. zlib/ * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check.
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac43
1 files changed, 41 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 86d10a6af8e..39dcf54b6a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1987,6 +1987,28 @@ AC_ARG_ENABLE(linker-plugin-flags,
extra_linker_plugin_flags=)
AC_SUBST(extra_linker_plugin_flags)
+# Enable --enable-host-pie.
+# Checked early to determine whether jit is an 'all' language
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build position independent host executables])],
+[host_pie=$enableval
+ case $host in
+ x86_64-*-darwin* | aarch64-*-darwin*)
+ if test x$host_pie != xyes ; then
+ # PIC is the default, and actually cannot be switched off.
+ echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
+ host_pie=yes
+ fi ;;
+ *) ;;
+ esac],
+[case $host in
+ *-*-darwin2*) host_pie=yes ;;
+ *) host_pie=no ;;
+ esac])
+
+AC_SUBST(host_pie)
+
# Enable --enable-host-shared.
# Checked early to determine whether jit is an 'all' language
AC_ARG_ENABLE(host-shared,
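Review bot: The warning in the Darwin branch of the new host-pie check still says `host-shared setting ignored`, so a user who passed `--disable-host-pie` on x86_64 or aarch64 Darwin is told about an option they did not set. The text looks copied from the host-shared block; it could read `echo configure.ac: warning: PIE is required for the configured target, host-pie setting ignored. 1>&2`. The header comment `# Checked early to determine whether jit is an 'all' language` appears to be carried over from the same block, and nothing in this hunk shows host_pie feeding that decision, so it is worth confirming or rewording.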
@@ -2000,20 +2022,37 @@ AC_ARG_ENABLE(host-shared,
echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
host_shared=yes
fi ;;
+ *-*-darwin*)
+ if test x$host_pie == xyes ; then
+ echo configure.ac: warning: PIC code is required for PIE executables. 1>&2
+ host_shared=yes
+ fi ;;
*) ;;
esac],
[case $host in
x86_64-*-darwin* | aarch64-*-darwin*) host_shared=yes ;;
- *) host_shared=no ;;
+ # Darwin needs PIC objects to link PIE executables.
+ *-*-darwin*) host_shared=host_pie ;;
+ *) host_shared=no;;
esac])
AC_SUBST(host_shared)
+if test x$host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
+AC_SUBST(PICFLAG)
+
# If we are building PIC/PIE host executables, and we are building dependent
# libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
# code.
host_libs_picflag=
-if test "$host_shared" = "yes";then
+if test "$host_shared" = "yes" -o "$host_pie" = "yes"; then
host_libs_picflag='--with-pic'
fi
AC_SUBST(host_libs_picflag)
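Review bot: The default branch `*-*-darwin*) host_shared=host_pie ;;` assigns the literal string `host_pie` rather than the variable's value, so on those Darwin hosts `host_shared` is never `yes`. The later `test x$host_shared = xyes` then fails and PICFLAG falls through to `-fPIE`, which contradicts the comment just above that Darwin needs PIC objects to link PIE executables; the line should be `*-*-darwin*) host_shared=$host_pie ;;`. In the explicit-option branch, `if test x$host_pie == xyes ; then` uses `==`, which POSIX `test` does not define and some shells reject, so the forced `host_shared=yes` can be skipped silently. Use `=` there, as the new PICFLAG block already does. Both failures are silent and leave the hardening-related flags different from what the user requested. A smaller portability point is that `test A -o B` near the end is more robust as `test A || test B`.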