Lines 63-68
Link Here
|
63 |
# notice: modern automatic specs files will also suppress -fstack-protector-all |
63 |
# notice: modern automatic specs files will also suppress -fstack-protector-all |
64 |
# when only -fno-stack-protector is given |
64 |
# when only -fno-stack-protector is given |
65 |
# |
65 |
# |
|
|
66 |
#### has_pic #### |
67 |
# Returns true if the compiler by default or with current CFLAGS |
68 |
# builds position-independent code. |
69 |
# |
70 |
#### has_pie #### |
71 |
# Returns true if the compiler by default or with current CFLAGS |
72 |
# builds position-independent executables |
73 |
# |
74 |
#### has_ssp_all #### |
75 |
# Returns true if the compiler by default or with current CFLAGS |
76 |
# generates stack smash protections for all functions |
77 |
# |
78 |
#### has_ssp #### |
79 |
# Returns true if the compiler by default or with current CFLAGS |
80 |
# generates stack smash protections for most vulnerable functions |
81 |
# |
66 |
|
82 |
|
67 |
# C[XX]FLAGS that we allow in strip-flags |
83 |
# C[XX]FLAGS that we allow in strip-flags |
68 |
setup-allowed-flags() { |
84 |
setup-allowed-flags() { |
Lines 326-332
Link Here
|
326 |
[ "${CFLAGS/-fPIC}" != "${CFLAGS}" ] && return 0 |
342 |
[ "${CFLAGS/-fPIC}" != "${CFLAGS}" ] && return 0 |
327 |
[ "${CFLAGS/-fpic}" != "${CFLAGS}" ] && return 0 |
343 |
[ "${CFLAGS/-fpic}" != "${CFLAGS}" ] && return 0 |
328 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
344 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
329 |
test_version_info pie && return 0 |
|
|
330 |
return 1 |
345 |
return 1 |
331 |
} |
346 |
} |
332 |
|
347 |
|
Lines 334-342
Link Here
|
334 |
has_pie() { |
349 |
has_pie() { |
335 |
[ "${CFLAGS/-fPIE}" != "${CFLAGS}" ] && return 0 |
350 |
[ "${CFLAGS/-fPIE}" != "${CFLAGS}" ] && return 0 |
336 |
[ "${CFLAGS/-fpie}" != "${CFLAGS}" ] && return 0 |
351 |
[ "${CFLAGS/-fpie}" != "${CFLAGS}" ] && return 0 |
337 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIE__)" ] && return 0 |
352 |
# Detect pie in default SPECS by building an executable and checking for DYN type |
338 |
# test PIC while waiting for specs to be updated to generate __PIE__ |
353 |
# There's no tidy pre-processor definition suitable to find PIE. |
339 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
354 |
local temp="$(emktemp)" |
|
|
355 |
echo "int main() { return(0); }" > "${temp}.c" |
356 |
$(tc-getCC) -o "${temp}" "${temp}.c" > /dev/null 2>&1 |
357 |
local ret=$? |
358 |
if [[ ${ret} == 0 ]]; then |
359 |
local exetype=$(readelf -h ${temp} | grep Type: | awk '{print $2}') |
360 |
if [[ ${exetype} = "DYN" ]]; then |
361 |
ret=0 |
362 |
else |
363 |
ret=1 |
364 |
fi |
365 |
fi |
366 |
rm -f ${temp} ${temp}.c |
367 |
return ${ret} |
368 |
} |
369 |
|
370 |
# indicate whether code for SSP is being generated for all functions |
371 |
has_ssp_all() { |
372 |
# note; this matches only -fstack-protector-all |
373 |
[ "${CFLAGS/-fstack-protector-all}" != "${CFLAGS}" ] && return 0 |
374 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __SSP_ALL__)" ] && return 0 |
340 |
return 1 |
375 |
return 1 |
341 |
} |
376 |
} |
342 |
|
377 |
|