|
Lines 63-68
Link Here
|
| 63 |
# notice: modern automatic specs files will also suppress -fstack-protector-all |
63 |
# notice: modern automatic specs files will also suppress -fstack-protector-all |
| 64 |
# when only -fno-stack-protector is given |
64 |
# when only -fno-stack-protector is given |
| 65 |
# |
65 |
# |
|
|
66 |
#### has_pic #### |
| 67 |
# Returns true if the compiler by default or with current CFLAGS |
| 68 |
# builds position-independent code. |
| 69 |
# |
| 70 |
#### has_pie #### |
| 71 |
# Returns true if the compiler by default or with current CFLAGS |
| 72 |
# builds position-independent executables |
| 73 |
# |
| 74 |
#### has_ssp_all #### |
| 75 |
# Returns true if the compiler by default or with current CFLAGS |
| 76 |
# generates stack smash protections for all functions |
| 77 |
# |
| 78 |
#### has_ssp #### |
| 79 |
# Returns true if the compiler by default or with current CFLAGS |
| 80 |
# generates stack smash protections for most vulnerable functions |
| 81 |
# |
| 66 |
|
82 |
|
| 67 |
# C[XX]FLAGS that we allow in strip-flags |
83 |
# C[XX]FLAGS that we allow in strip-flags |
| 68 |
setup-allowed-flags() { |
84 |
setup-allowed-flags() { |
|
Lines 326-332
Link Here
|
| 326 |
[ "${CFLAGS/-fPIC}" != "${CFLAGS}" ] && return 0 |
342 |
[ "${CFLAGS/-fPIC}" != "${CFLAGS}" ] && return 0 |
| 327 |
[ "${CFLAGS/-fpic}" != "${CFLAGS}" ] && return 0 |
343 |
[ "${CFLAGS/-fpic}" != "${CFLAGS}" ] && return 0 |
| 328 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
344 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
| 329 |
test_version_info pie && return 0 |
|
|
| 330 |
return 1 |
345 |
return 1 |
| 331 |
} |
346 |
} |
| 332 |
|
347 |
|
|
Lines 334-342
Link Here
|
| 334 |
has_pie() { |
349 |
has_pie() { |
| 335 |
[ "${CFLAGS/-fPIE}" != "${CFLAGS}" ] && return 0 |
350 |
[ "${CFLAGS/-fPIE}" != "${CFLAGS}" ] && return 0 |
| 336 |
[ "${CFLAGS/-fpie}" != "${CFLAGS}" ] && return 0 |
351 |
[ "${CFLAGS/-fpie}" != "${CFLAGS}" ] && return 0 |
| 337 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIE__)" ] && return 0 |
352 |
# Detect pie in default SPECS by building an executable and checking for DYN type |
| 338 |
# test PIC while waiting for specs to be updated to generate __PIE__ |
353 |
# There's no tidy pre-processor definition suitable to find PIE. |
| 339 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 |
354 |
local temp="$(emktemp)" |
|
|
355 |
echo "int main() { return(0); }" > "${temp}.c" |
| 356 |
$(tc-getCC) -o "${temp}" "${temp}.c" > /dev/null 2>&1 |
| 357 |
local ret=$? |
| 358 |
if [[ ${ret} == 0 ]]; then |
| 359 |
local exetype=$(readelf -h ${temp} | grep Type: | awk '{print $2}') |
| 360 |
if [[ ${exetype} = "DYN" ]]; then |
| 361 |
ret=0 |
| 362 |
else |
| 363 |
ret=1 |
| 364 |
fi |
| 365 |
fi |
| 366 |
rm -f ${temp} ${temp}.c |
| 367 |
return ${ret} |
| 368 |
} |
| 369 |
|
| 370 |
# indicate whether code for SSP is being generated for all functions |
| 371 |
has_ssp_all() { |
| 372 |
# note; this matches only -fstack-protector-all |
| 373 |
[ "${CFLAGS/-fstack-protector-all}" != "${CFLAGS}" ] && return 0 |
| 374 |
[ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __SSP_ALL__)" ] && return 0 |
| 340 |
return 1 |
375 |
return 1 |
| 341 |
} |
376 |
} |
| 342 |
|
377 |
|
