Attachment 83199 Details for Bug 127659 – provide 'get-soft-flags' in flag-o-matic to determine flags for disabling hardened bits and bobs

[patch] provide 'get-soft-flags' in flag-o-matic to determine flags for disabling hardened bits and bobs

get-soft-flags.patch (text/plain), 3.37 KB, created by Kevin F. Quinn (RETIRED) on 2006-03-26 16:00:20 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kevin F. Quinn (RETIRED)

Created: 2006-03-26 16:00:20 UTC

Size: 3.37 KB

patch

obsolete

>Index: flag-o-matic.eclass
>===================================================================
>RCS file: /var/cvsroot/gentoo-x86/eclass/flag-o-matic.eclass,v
>retrieving revision 1.106
>diff -u -b -B -r1.106 flag-o-matic.eclass
>--- flag-o-matic.eclass	19 Feb 2006 23:18:30 -0000	1.106
>+++ flag-o-matic.eclass	26 Mar 2006 23:58:28 -0000
>@@ -61,6 +61,14 @@
> #### bindnow-flags ####
> # Returns the flags to enable "now" binding in the current selected linker.
> #
>+#### get-soft-flags ####
>+# Write to stdout the gcc options to disable hardened tech
>+# Intended for use where the options need to be set to
>+# something other than C[XX]FLAGS.  Use this rather than
>+# hard-coding the flags in ebuilds.
>+# Usage:
>+#    MY_CC_OPTS=$(get-soft-flags [pie] [ssp] [ssp-to-all] [now] [relro])
>+#
> ################ DEPRECATED functions ################
> # The following are still present to avoid breaking existing
> # code more than necessary; however they are deprecated. Please
>@@ -101,7 +109,7 @@
> 		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -g -g0 -g1 -g2 -g3 -ggdb -ggdb0 -ggdb1 -ggdb2 -ggdb3"
> 	fi
> 	# allow a bunch of flags that negate features / control ABI
>-	ALLOWED_FLAGS="${ALLOWED_FLAGS} -fno-stack-protector -fno-stack-protector-all"
>+	ALLOWED_FLAGS="${ALLOWED_FLAGS} -nopie -nonow -norelro -fno-stack-protector -fno-stack-protector-all"
> 	ALLOWED_FLAGS="${ALLOWED_FLAGS} -mregparm -mno-app-regs -mapp-regs \
> 		-mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow \
> 		-mips1 -mips2 -mips3 -mips4 -mips32 -mips64 -mips16 \
>@@ -118,6 +126,35 @@
> 	return 0
> }
> 
>+# echo flags to disabled hardened tech
>+get-soft-flags() {
>+	local f
>+	for f in "$@" ; do
>+		case "${f}" in
>+			# Ideally we should only concern ourselves with PIE flags,
>+			# not -fPIC or -fpic, but too many places filter -fPIC without
>+			# thinking about -fPIE.
>+			pie)
>+				gcc-specs-pie || continue
>+				is-flagq -nopie || echo -n -nopie;;
>+			ssp)
>+				gcc-specs-ssp || continue
>+				is-flagq -fno-stack-protector || echo -n -fno-stack-protector;;
>+			ssp-to-all)
>+				gcc-specs-ssp-to-all || continue
>+				is-flagq -fno-stack-protector-all || echo -n -fno-stack-protector-all;;
>+			now)
>+				gcc-specs-now || continue
>+				is-flagq -nonow || echo -n -nonow;;
>+			relro)
>+				gcc-specs-relro || continue
>+				is-flagq -norelro || echo -n -norelro;;
>+			*)
>+				die "get-soft-flags does not understand ${f}";;
>+		esac
>+	done
>+}
>+
> # inverted filters for hardened compiler.  This is trying to unpick
> # the hardened compiler defaults.
> _filter-hardened() {
>@@ -128,14 +165,11 @@
> 			# not -fPIC or -fpic, but too many places filter -fPIC without
> 			# thinking about -fPIE.
> 			-fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie)
>-				gcc-specs-pie || continue
>-				is-flagq -nopie || append-flags -nopie;;
>+				append-flags $(get-soft-flags pie);;
> 			-fstack-protector)
>-				gcc-specs-ssp || continue
>-				is-flagq -fno-stack-protector || append-flags -fno-stack-protector;;
>+				append-flags $(get-soft-flags ssp);;
> 			-fstack-protector-all)
>-				gcc-specs-ssp-to-all || continue
>-				is-flagq -fno-stack-protector-all || append-flags -fno-stack-protector-all;;
>+				append-flags $(get-soft-flags ssp-to-all);;
> 		esac
> 	done
> }
>@@ -385,7 +420,7 @@
> # its really only present due to the append-flags() abomination.
> test-flags() { test-flags-CC "$@"; }
> 
>-# Depriciated, use test-flags()
>+# Deprecated, use test-flags()
> test_flag() {
> 	ewarn "test_flag: deprecated, please use test-flags()!" >&2
>

Actions: View | Diff

Attachments on bug 127659: 83180 | 83181 | 83199