Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 57413 Details for
Bug 90391
flag-o-matic.eclass, has_pic() returns 0 on non hardened box
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fixup has_pic, has_pie, add has_ssp_all
flago-hases.patch (text/plain), 2.27 KB, created by
Kevin F. Quinn (RETIRED)
on 2005-04-27 11:38:15 UTC
(
hide
)
Description:
Fixup has_pic, has_pie, add has_ssp_all
Filename:
MIME Type:
Creator:
Kevin F. Quinn (RETIRED)
Created:
2005-04-27 11:38:15 UTC
Size:
2.27 KB
patch
obsolete
>--- flag-o-matic.eclass.orig 2005-04-27 19:46:05.000000000 +0200 >+++ flag-o-matic.eclass 2005-04-27 20:15:50.000000000 +0200 >@@ -63,6 +63,22 @@ > # notice: modern automatic specs files will also suppress -fstack-protector-all > # when only -fno-stack-protector is given > # >+#### has_pic #### >+# Returns true if the compiler by default or with current CFLAGS >+# builds position-independent code. >+# >+#### has_pie #### >+# Returns true if the compiler by default or with current CFLAGS >+# builds position-independent executables >+# >+#### has_ssp_all #### >+# Returns true if the compiler by default or with current CFLAGS >+# generates stack smash protections for all functions >+# >+#### has_ssp #### >+# Returns true if the compiler by default or with current CFLAGS >+# generates stack smash protections for most vulnerable functions >+# > > # C[XX]FLAGS that we allow in strip-flags > setup-allowed-flags() { >@@ -326,7 +342,6 @@ > [ "${CFLAGS/-fPIC}" != "${CFLAGS}" ] && return 0 > [ "${CFLAGS/-fpic}" != "${CFLAGS}" ] && return 0 > [ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 >- test_version_info pie && return 0 > return 1 > } > >@@ -334,9 +349,29 @@ > has_pie() { > [ "${CFLAGS/-fPIE}" != "${CFLAGS}" ] && return 0 > [ "${CFLAGS/-fpie}" != "${CFLAGS}" ] && return 0 >- [ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIE__)" ] && return 0 >- # test PIC while waiting for specs to be updated to generate __PIE__ >- [ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __PIC__)" ] && return 0 >+ # Detect pie in default SPECS by building an executable and checking for DYN type >+ # There's no tidy pre-processor definition suitable to find PIE. >+ local temp="$(emktemp)" >+ echo "int main() { return(0); }" > "${temp}.c" >+ $(tc-getCC) -o "${temp}" "${temp}.c" > /dev/null 2>&1 >+ local ret=$? >+ if [[ ${ret} == 0 ]]; then >+ local exetype=$(readelf -h ${temp} | grep Type: | awk '{print $2}') >+ if [[ ${exetype} = "DYN" ]]; then >+ ret=0 >+ else >+ ret=1 >+ fi >+ fi >+ rm -f ${temp} ${temp}.c >+ return ${ret} >+} >+ >+# indicate whether code for SSP is being generated for all functions >+has_ssp_all() { >+ # note; this matches only -fstack-protector-all >+ [ "${CFLAGS/-fstack-protector-all}" != "${CFLAGS}" ] && return 0 >+ [ "$(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __SSP_ALL__)" ] && return 0 > return 1 > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=57413">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 90391
: 57413 |
57511
