* [binutils-gdb] configure: Implement --enable-host-pie
@ 2023-08-12 0:59 Alan Modra
0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2023-08-12 0:59 UTC (permalink / raw)
To: bfd-cvs, gdb-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=60b42421e900f9bb186c306a657f41b88e422bcd
commit 60b42421e900f9bb186c306a657f41b88e422bcd
Author: Marek Polacek <polacek@redhat.com>
Date: Mon Aug 7 13:07:12 2023 +0200
configure: Implement --enable-host-pie
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
Co-Authored by: Iain Sandoe <iain@sandoe.co.uk>
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
intl/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
libdecnumber/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
zlib/
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
Diff:
---
configure.ac | 43 +++++++++++++++++++++++++++++++++++++++++--
intl/configure.ac | 21 +++++++++++++++++++++
libdecnumber/configure.ac | 19 +++++++++++++++++--
zlib/configure.ac | 21 ++++++++++++++++++---
4 files changed, 97 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 86d10a6af8e..39dcf54b6a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1987,6 +1987,28 @@ AC_ARG_ENABLE(linker-plugin-flags,
extra_linker_plugin_flags=)
AC_SUBST(extra_linker_plugin_flags)
+# Enable --enable-host-pie.
+# Checked early to determine whether jit is an 'all' language
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build position independent host executables])],
+[host_pie=$enableval
+ case $host in
+ x86_64-*-darwin* | aarch64-*-darwin*)
+ if test x$host_pie != xyes ; then
+ # PIC is the default, and actually cannot be switched off.
+ echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
+ host_pie=yes
+ fi ;;
+ *) ;;
+ esac],
+[case $host in
+ *-*-darwin2*) host_pie=yes ;;
+ *) host_pie=no ;;
+ esac])
+
+AC_SUBST(host_pie)
+
# Enable --enable-host-shared.
# Checked early to determine whether jit is an 'all' language
AC_ARG_ENABLE(host-shared,
@@ -2000,20 +2022,37 @@ AC_ARG_ENABLE(host-shared,
echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
host_shared=yes
fi ;;
+ *-*-darwin*)
+ if test x$host_pie == xyes ; then
+ echo configure.ac: warning: PIC code is required for PIE executables. 1>&2
+ host_shared=yes
+ fi ;;
*) ;;
esac],
[case $host in
x86_64-*-darwin* | aarch64-*-darwin*) host_shared=yes ;;
- *) host_shared=no ;;
+ # Darwin needs PIC objects to link PIE executables.
+ *-*-darwin*) host_shared=host_pie ;;
+ *) host_shared=no;;
esac])
AC_SUBST(host_shared)
+if test x$host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
+AC_SUBST(PICFLAG)
+
# If we are building PIC/PIE host executables, and we are building dependent
# libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
# code.
host_libs_picflag=
-if test "$host_shared" = "yes";then
+if test "$host_shared" = "yes" -o "$host_pie" = "yes"; then
host_libs_picflag='--with-pic'
fi
AC_SUBST(host_libs_picflag)
diff --git a/intl/configure.ac b/intl/configure.ac
index 77e2fd2d8c5..a5fc45b3602 100644
--- a/intl/configure.ac
+++ b/intl/configure.ac
@@ -73,5 +73,26 @@ fi
AC_SUBST(BISON3_YES)
AC_SUBST(BISON3_NO)
+# Enable --enable-host-shared.
+AC_ARG_ENABLE(host-shared,
+[AS_HELP_STRING([--enable-host-shared],
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+AC_SUBST(PICFLAG)
+
AC_CONFIG_FILES(Makefile config.intl)
AC_OUTPUT
diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
index 16c7465b327..2e95b829dc0 100644
--- a/libdecnumber/configure.ac
+++ b/libdecnumber/configure.ac
@@ -99,8 +99,23 @@ AC_C_BIGENDIAN
# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+
AC_SUBST(PICFLAG)
# Output.
diff --git a/zlib/configure.ac b/zlib/configure.ac
index ec73c219228..b50b9c7b426 100644
--- a/zlib/configure.ac
+++ b/zlib/configure.ac
@@ -121,11 +121,26 @@ else
multilib_arg=
fi
+# Enable --enable-host-shared.
AC_ARG_ENABLE(host-shared,
[AS_HELP_STRING([--enable-host-shared],
- [build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
-AC_SUBST(PICFLAG)
+ [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+ [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+ PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+ PICFLAG=-fPIE
+else
+ PICFLAG=
+fi
+AC_SUBST(PICFLAG)
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-08-12 0:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-12 0:59 [binutils-gdb] configure: Implement --enable-host-pie Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).