diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/arch/hardened-x86_64.h gcc-4.1.1/gcc/config/gentoo-hardened/arch/hardened-x86_64.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/arch/hardened-x86_64.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/arch/hardened-x86_64.h 2006-10-10 20:12:16.000000000 +0200
@@ -0,0 +1,46 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_HARDENED_X86_64_H
+#define LINUX_HARDENED_X86_64_H
+
+#include "../libc-defs.h"
+#include "../policy-defs.h"
+#include "../specs-filters.h"
+
+#if defined (GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL) && \
+ defined (GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE)
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC " YYY " GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL " YYY " GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC " ZZZ "
+#endif
+
+#endif
+
+/*
+ * set up the following definitions for replacing sections
+ */
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_ASM_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_ASM_SPEC "%{filter: %{filterbla: -K PIC } }"
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_CPP_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_CPP_SPEC "-bla -bla"
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_CC1_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_CC1_SPEC "-dumdidum"
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC
+#define GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC "%{!pie: %{!nopie: -pie} }"
+#endif
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/hardened-callouts.h gcc-4.1.1/gcc/config/gentoo-hardened/hardened-callouts.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/hardened-callouts.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/hardened-callouts.h 2006-10-10 14:56:09.000000000 +0200
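Review bot: The arch spec fragments in this file are placeholders (`" YYY "`, `" ZZZ "`, `"-bla -bla"`, `"-dumdidum"`, `%{filterbla: -K PIC }`) yet they are live: mode-defs.h sets GENTOO_HARDENED_GCC_MODE to 3, whose BUILTIN bit makes hardened.h export them as GENTOO_HARDENED_GCC_{STARTFILE,ENDFILE,ASM,CPP,CC1}_SPEC, and the gcc.c hunks concatenate them onto the real specs, so on a HAVE_LD_PIE build every compile would pass `-bla -bla` to cpp and `-dumdidum` to cc1. If this is meant to land as scaffolding, define the placeholders as `""` and leave the `#ifndef` override points in place. Separately, `"%{!pie: %{!nopie: -pie} }"` adds `-pie` to every link that does not say `-pie` or `-nopie`, including `-shared`, `-static` and `-r` links where the linker rejects or misapplies it; a PIE default should exclude those, e.g. `"%{!shared:%{!static:%{!r:%{!pie:%{!nopie: -pie}}}}}"`.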
@@ -0,0 +1,37 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_HARDENED_CALLOUTS_H
+#define LINUX_HARDENED_CALLOUTS_H
+
+#if defined(GENTOO_HARDENED_GCC_MODE) && \
+ defined(GENTOO_HARDENED_GCC_MODE_CALLOUT) && \
+ GENTOO_HARDENED_GCC_MODE & GENTOO_HARDENED_GCC_MODE_CALLOUT
+
+#define GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT " %(hardened_asm_pie) "
+
+#define GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT " %(hardened_cpp_pie) "
+
+#define GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT " %(hardened_cc1_pie) "
+#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT " %(hardened_cc1_ssp) "
+#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT " %(hardened_cc1_ssp_all) "
+
+#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT " %(hardened_link_pie) "
+
+#else
+
+#define GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT ""
+
+#define GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT ""
+
+#define GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT ""
+#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT ""
+#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT ""
+
+#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT ""
+
+#endif
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/hardened.h gcc-4.1.1/gcc/config/gentoo-hardened/hardened.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/hardened.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/hardened.h 2006-10-10 20:09:25.000000000 +0200
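Review bot: In callout mode these fragments reference the named specs `%(hardened_asm_pie)`, `%(hardened_cpp_pie)`, `%(hardened_cc1_pie)`, `%(hardened_cc1_ssp)`, `%(hardened_cc1_ssp_all)` and `%(hardened_link_pie)`, but nothing in this patch registers them: the gcc.c hunks add no entries to the static specs table, so they resolve only if an installed specs file happens to define them. As far as I recall, gcc.c expands an unknown `%(name)` to nothing rather than failing, which would turn a missing or mistyped specs entry into a silently non-hardened toolchain. Either add the corresponding `INIT_STATIC_SPEC` entries in gcc.c or state in this header that a specs file providing these six names is mandatory whenever GENTOO_HARDENED_GCC_MODE_CALLOUT is set, e.g. `/* callout mode: the six hardened_* specs below MUST be supplied by the installed specs file; an undefined %(name) expands to nothing. */`.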
@@ -0,0 +1,96 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_HARDENED_H
+#define LINUX_HARDENED_H
+
+#include "mode-defs.h"
+#include "hardened-callouts.h"
+
+
+#if defined (HAVE_LD_PIE) && \
+ defined (GENTOO_HARDENED_GCC_MODE) && \
+ defined (GENTOO_HARDENED_GCC_MODE_BUILTIN) && \
+ GENTOO_HARDENED_GCC_MODE & \
+ GENTOO_HARDENED_GCC_MODE_BUILTIN
+
+
+#ifndef GENTOO_HARDENED_GCC_STARTFILE_SPEC
+#ifdef GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
+#define GENTOO_HARDENED_GCC_STARTFILE_SPEC GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
+#endif
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ENDFILE_SPEC
+#ifdef GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
+#define GENTOO_HARDENED_GCC_ENDFILE_SPEC GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
+#endif
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_ASM_SPEC
+#ifndef GENTOO_HARDENED_GCC_ARCH_ASM_SPEC
+#define GENTOO_HARDENED_GCC_ASM_SPEC \
+ GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT
+#else
+#define GENTOO_HARDENED_GCC_ASM_SPEC \
+ GENTOO_HARDENED_GCC_ARCH_ASM_SPEC \
+ GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT
+#endif
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_CPP_SPEC
+#ifndef GENTOO_HARDENED_GCC_ARCH_CPP_SPEC
+#define GENTOO_HARDENED_GCC_CPP_SPEC \
+ GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT
+#else
+#define GENTOO_HARDENED_GCC_CPP_SPEC \
+ GENTOO_HARDENED_GCC_ARCH_CPP_SPEC \
+ GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT
+#endif
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_CC1_SPEC
+#ifndef GENTOO_HARDENED_GCC_ARCH_CC1_SPEC
+#define GENTOO_HARDENED_GCC_CC1_SPEC \
+ GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT \
+ GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT \
+ GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT
+#else
+#define GENTOO_HARDENED_GCC_CC1_SPEC \
+ GENTOO_HARDENED_GCC_ARCH_CC1_SPEC \
+ GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT \
+ GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT \
+ GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT
+#endif
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_LINK_PIE_SPEC
+#ifndef GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC
+#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC \
+ GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT
+#else
+#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC \
+ GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC \
+ GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT
+#endif
+#endif
+
+
+#else
+
+
+#undef GENTOO_HARDENED_GCC_STARTFILE_SPEC
+#undef GENTOO_HARDENED_GCC_ENDFILE_SPEC
+
+#define GENTOO_HARDENED_GCC_ASM_SPEC ""
+#define GENTOO_HARDENED_GCC_CPP_SPEC ""
+#define GENTOO_HARDENED_GCC_CC1_SPEC ""
+#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC ""
+
+
+#endif
+
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/libc-defs.h gcc-4.1.1/gcc/config/gentoo-hardened/libc-defs.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/libc-defs.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/libc-defs.h 2006-10-10 13:39:53.000000000 +0200
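Review bot: A build with only the CALLOUT bit set (GENTOO_HARDENED_GCC_MODE == GENTOO_HARDENED_GCC_MODE_CALLOUT) never reaches the `%(hardened_*)` callouts: every use of the `*_CALLOUT` macros sits inside the `#if ... GENTOO_HARDENED_GCC_MODE & GENTOO_HARDENED_GCC_MODE_BUILTIN` branch, and the `#else` branch defines all four specs as `""`, so callout-only mode is dead code. If that mode is meant to work, the gate should admit either bit, e.g. `GENTOO_HARDENED_GCC_MODE & (GENTOO_HARDENED_GCC_MODE_CALLOUT | GENTOO_HARDENED_GCC_MODE_BUILTIN)`, with only the ARCH fragments still conditioned on BUILTIN. The same `#if` also makes the CC1 SSP callouts depend on HAVE_LD_PIE, although stack-protector support has nothing to do with the linker's PIE support; parenthesising the bit test, `(GENTOO_HARDENED_GCC_MODE & GENTOO_HARDENED_GCC_MODE_BUILTIN)`, would additionally make the precedence explicit for readers.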
@@ -0,0 +1,35 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+/*
+ * support for uclibc (when triggered in config.gcc by target) and glibc (default behaviour)
+ */
+
+#ifndef LINUX_LIBC_DEFS_H
+#define LINUX_LIBC_DEFS_H
+
+#ifdef USE_UCLIBC
+
+#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL
+#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL "UCLIBC crt1.o UCLIBC"
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
+#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE "UCLIBC Scrt1.o UCLIBC"
+#endif
+
+#else
+
+#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL
+#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL "crt1.o"
+#endif
+
+#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
+#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE "Scrt1.o"
+#endif
+
+#endif
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/mode-defs.h gcc-4.1.1/gcc/config/gentoo-hardened/mode-defs.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/mode-defs.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/mode-defs.h 2006-10-10 19:59:46.000000000 +0200
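Review bot: The glibc names `"crt1.o"` and `"Scrt1.o"` are spliced into spec text by the arch STARTFILE fragment, and a bare object name in a spec is handed to the linker verbatim; the default STARTFILE_SPEC visible in the gcc.c hunk writes `crt0%O%s` so that the `%s` makes the driver search its startfile directories. Unless the arch fragment appends the suffix itself, these should be `"crt1.o%s"` and `"Scrt1.o%s"`. The uclibc variants `"UCLIBC crt1.o UCLIBC"` are visibly placeholders and would put two stray `UCLIBC` arguments on the link line; if this header lands now, mark them `/* TODO: placeholder, not a valid spec fragment */` or define them to the same `crt1.o%s` form until the uclibc names are settled.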
@@ -0,0 +1,22 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_MODE_DEFS_H
+#define LINUX_MODE_DEFS_H
+
+#define GENTOO_HARDENED_GCC_MODE_VANILLA 0
+#define GENTOO_HARDENED_GCC_MODE_CALLOUT 1
+#define GENTOO_HARDENED_GCC_MODE_BUILTIN 2
+
+//#undef GENTOO_HARDENED_GCC_MODE
+//#define GENTOO_HARDENED_GCC_MODE GENTOO_HARDENED_GCC_MODE_VANILLA
+
+// #undef GENTOO_HARDENED_GCC_MODE
+// #define GENTOO_HARDENED_GCC_MODE GENTOO_HARDENED_GCC_MODE_CALLOUT
+
+//#undef GENTOO_HARDENED_GCC_MODE
+#define GENTOO_HARDENED_GCC_MODE 3 // GENTOO_HARDENED_GCC_MODE_BUILTIN
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/policy-defs.h gcc-4.1.1/gcc/config/gentoo-hardened/policy-defs.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/policy-defs.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/policy-defs.h 2006-10-10 15:02:35.000000000 +0200
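Review bot: The trailing comment on `#define GENTOO_HARDENED_GCC_MODE 3` says BUILTIN, but 3 is CALLOUT|BUILTIN, so both the `%(hardened_*)` callouts from hardened-callouts.h and the builtin arch fragments are switched on at once. If that is the intent, spell it out so the comment cannot drift from the value: `#define GENTOO_HARDENED_GCC_MODE (GENTOO_HARDENED_GCC_MODE_CALLOUT | GENTOO_HARDENED_GCC_MODE_BUILTIN)`; otherwise use `GENTOO_HARDENED_GCC_MODE_BUILTIN`. This header ends up in tm.h for every gcc.c compile, and the rest of the GCC 4.1 tree keeps to `/* */` comments, so the `//` lines here are a style outlier that may also trip the stricter warning flags GCC builds itself with; the three commented-out alternatives would read better as one `/* */` table of the modes.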
@@ -0,0 +1,32 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_POLICY_DEFS_H
+#define LINUX_POLICY_DEFS_H
+
+#define GENTOO_HARDENED_GCC_POLICY_AUTO_NONE 0
+#define GENTOO_HARDENED_GCC_POLICY_AUTO_PIE 1
+#define GENTOO_HARDENED_GCC_POLICY_AUTO_SSP 2
+#define GENTOO_HARDENED_GCC_POLICY_AUTO_PIE_SSP 4
+
+#undef GENTOO_HARDENED_GCC_POLICY
+#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_NONE
+
+/* uncomment for automatic PIE building
+#undef GENTOO_HARDENED_GCC_POLICY
+#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_PIE
+*/
+
+/* uncomment for automatic SSP building
+#undef GENTOO_HARDENED_GCC_POLICY
+#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_SSP
+*/
+
+/* uncomment for automatic PIE SSP building
+#undef GENTOO_HARDENED_GCC_POLICY
+#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_PIE_SSP
+*/
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/specs-filters.h gcc-4.1.1/gcc/config/gentoo-hardened/specs-filters.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/specs-filters.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/config/gentoo-hardened/specs-filters.h 2006-10-10 14:01:49.000000000 +0200
@@ -0,0 +1,9 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+#ifndef LINUX_SPECS_FILTERS_H
+#define LINUX_SPECS_FILTERS_H
+
+#endif
+
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/config.gcc gcc-4.1.1/gcc/config.gcc
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/config.gcc 2006-10-08 15:35:06.000000000 +0200
+++ gcc-4.1.1/gcc/config.gcc 2006-10-10 13:17:57.000000000 +0200
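Review bot: GENTOO_HARDENED_GCC_POLICY is defined here but nothing in this patch reads it — hardened.h, hardened-callouts.h and the gcc.c hunks consult only GENTOO_HARDENED_GCC_MODE — so the "uncomment for automatic PIE/SSP building" instructions currently change nothing and will mislead whoever follows them. The constants also look like a bitmask (`AUTO_NONE 0`, `AUTO_PIE 1`, `AUTO_SSP 2`), yet `AUTO_PIE_SSP` is 4 rather than `(GENTOO_HARDENED_GCC_POLICY_AUTO_PIE | GENTOO_HARDENED_GCC_POLICY_AUTO_SSP)`, so a `POLICY & AUTO_PIE` test of the kind hardened.h uses for the mode bits would be false for the combined policy; decide between bitmask and enumeration and say which in a comment. Until a consumer exists, a header comment such as `/* reserved: not yet consulted by hardened.h or gcc.c */` would set expectations.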
@@ -325,7 +325,13 @@
 ;;
 esac
-tm_file=${cpu_type}/${cpu_type}.h
+hardened_dir="gentoo-hardened"
+hardened_arc="${hardened_dir}/arch/hardened-${cpu_type}.h"
+hardened_all="${hardened_dir}/hardened.h"
+hardened_gcc="${hardened_arc} ${hardened_all}"
+
+tm_file="${hardened_gcc} ${cpu_type}/${cpu_type}.h"
+
 if test -f ${srcdir}/config/${cpu_type}/${cpu_type}-protos.h
 then
 tm_p_file=${cpu_type}/${cpu_type}-protos.h
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/gcc.c gcc-4.1.1/gcc/gcc.c
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/gcc.c 2006-10-08 15:35:16.000000000 +0200
+++ gcc-4.1.1/gcc/gcc.c 2006-10-10 14:39:28.000000000 +0200
@@ -87,6 +87,8 @@
 #include "gcc.h"
 #include "flags.h"
+#include "hardened-stubs.h"
+
 /* By default there is no special suffix for target executables. */
 /* FIXME: when autoconf is fixed, remove the host check - dj */
 #if defined(TARGET_EXECUTABLE_SUFFIX) && defined(HOST_EXECUTABLE_SUFFIX)
@@ -628,6 +630,12 @@
 "%{!shared:%{pg:gcrt0%O%s}%{!pg:%{p:mcrt0%O%s}%{!p:crt0%O%s}}}"
 #endif
+/* Gentoo Hardened definitions may overwrite the default specs */
+#ifdef GENTOO_HARDENED_GCC_STARTFILE_SPEC
+#undef STARTFILE_SPEC
+#define STARTFILE_SPEC GENTOO_HARDENED_GCC_STARTFILE_SPEC
+#endif
+
 /* config.h can define SWITCHES_NEED_SPACES to control which options require spaces between the option and the argument. */
 #ifndef SWITCHES_NEED_SPACES
@@ -639,6 +647,12 @@
 #define ENDFILE_SPEC ""
 #endif
+/* Gentoo Hardened definitions may overwrite the default specs */
+#ifdef GENTOO_HARDENED_GCC_ENDFILE_SPEC
+#undef ENDFILE_SPEC
+#define ENDFILE_SPEC GENTOO_HARDENED_GCC_ENDFILE_SPEC
+#endif
+
 #ifndef LINKER_NAME
 #define LINKER_NAME "collect2"
 #endif
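Review bot: `tm_file` now unconditionally lists `gentoo-hardened/arch/hardened-${cpu_type}.h`, but the patch only adds `hardened-x86_64.h`, so every other cpu_type that reaches this default assignment gets a missing-header failure as soon as tm.h is generated. Guard the arch header the way the `-protos.h` test just below does: `if test -f ${srcdir}/config/${hardened_arc}; then hardened_gcc="${hardened_arc} ${hardened_all}"; else hardened_gcc="${hardened_all}"; fi` — hardened.h already copes with an absent arch header through its `#ifdef GENTOO_HARDENED_GCC_ARCH_*` checks. Placing the hardened headers ahead of `${cpu_type}/${cpu_type}.h` also means they cannot see anything the target headers define; that is harmless for the macros used today but deserves a comment next to the assignment.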
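Review bot: The STARTFILE_SPEC override replaces the target's spec wholesale instead of extending it: the default visible just above names `crt0%O%s`, and the Linux target headers (outside this hunk, so I cannot quote them) also list crti and crtbegin objects, all of which disappear in favour of the arch fragment that names only crt1/Scrt1. The ENDFILE_SPEC hunk right after has the same shape and the same consequence for crtend/crtn. Either make the arch fragments carry the complete start/end file lists, or document the contract where the fragments are defined, e.g. `/* replaces the target's STARTFILE_SPEC entirely: must list crt1/Scrt1 AND crti/crtbegin */`, so an arch header author does not assume the target's objects survive.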
@@ -699,7 +713,7 @@
 #ifndef LINK_COMMAND_SPEC
 #define LINK_COMMAND_SPEC "\
 %{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\
- %(linker) %l " LINK_PIE_SPEC "%X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}\
+ %(linker) %l " LINK_PIE_SPEC GENTOO_HARDENED_GCC_LINK_PIE_SPEC "%X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}\
 %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}\
 %{static:} %{L*} %(mfwrap) %(link_libgcc) %o %(mflib)\
 %{fprofile-arcs|fprofile-generate|coverage:-lgcov}\
@@ -729,12 +743,12 @@
 #endif
 static const char *asm_debug;
-static const char *cpp_spec = CPP_SPEC;
-static const char *cc1_spec = CC1_SPEC;
+static const char *cpp_spec = CPP_SPEC GENTOO_HARDENED_GCC_CPP_SPEC;
+static const char *cc1_spec = CC1_SPEC GENTOO_HARDENED_GCC_CC1_SPEC;
 static const char *cc1plus_spec = CC1PLUS_SPEC;
 static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
 static const char *link_ssp_spec = LINK_SSP_SPEC;
-static const char *asm_spec = ASM_SPEC;
+static const char *asm_spec = ASM_SPEC GENTOO_HARDENED_GCC_ASM_SPEC;
 static const char *asm_final_spec = ASM_FINAL_SPEC;
 static const char *link_spec = LINK_SPEC;
 static const char *lib_spec = LIB_SPEC;
diff -Nru gcc-4.1.1.GENTOO_2006-10-08/gcc/hardened-stubs.h gcc-4.1.1/gcc/hardened-stubs.h
--- gcc-4.1.1.GENTOO_2006-10-08/gcc/hardened-stubs.h 1970-01-01 01:00:00.000000000 +0100
+++ gcc-4.1.1/gcc/hardened-stubs.h 2006-10-09 00:46:30.000000000 +0200
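Review bot: The string-literal concatenations `CPP_SPEC GENTOO_HARDENED_GCC_CPP_SPEC`, `CC1_SPEC GENTOO_HARDENED_GCC_CC1_SPEC` and `ASM_SPEC GENTOO_HARDENED_GCC_ASM_SPEC` in the second hunk have no separator, and the arch fragments feeding them start without whitespace (`"-bla -bla"`, `"-dumdidum"`, `"%{filter: ..."`), so whenever a target's CPP_SPEC or CC1_SPEC ends in a `%{...}` group with no trailing space the spec engine fuses the hardened text onto the previous argument (e.g. `-D_REENTRANT-bla`) instead of emitting a new one; I cannot see the x86_64 target specs here, but their shape makes this likely. Insert an explicit separator: `static const char *cpp_spec = CPP_SPEC " " GENTOO_HARDENED_GCC_CPP_SPEC;` and likewise for cc1_spec and asm_spec. The `LINK_PIE_SPEC GENTOO_HARDENED_GCC_LINK_PIE_SPEC` join in the first hunk has the same dependency on a trailing space inside LINK_PIE_SPEC and would be safer with `" "` between the two as well.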
@@ -0,0 +1,28 @@
+/* Copyright 1999-2006 Gentoo Foundation */
+/* Distributed under the terms of the GNU General Public License v2 */
+/* $Header: $ */
+
+/* list of empty hardened specs stubs needed for gcc.c */
+
+#ifndef LINUX_HARDENED_STUBS_H
+# define LINUX_HARDENED_STUBS_H
+# ifndef GENTOO_HARDENED_ASM_SPEC
+# define GENTOO_HARDENED_ASM_SPEC ""
+# endif
+# ifndef GENTOO_HARDENED_CC1_SPEC
+# define GENTOO_HARDENED_CC1_SPEC ""
+# endif
+# ifndef HAVE_LD_PIE
+# ifdef GENTOO_HARDENED_LINK_PIE_SPEC
+# undef GENTOO_HARDENED_LINK_PIE_SPEC
+# endif
+# define GENTOO_HARDENED_LINK_PIE_SPEC ""
+# else
+# ifndef GENTOO_HARDENED_LINK_PIE_SPEC
+# define GENTOO_HARDENED_LINK_PIE_SPEC ""
+# endif
+# endif
+#endif
+
+/* no stubs for startfile/endfile replacement specs in gcc.c */
+
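Review bot: The stub names do not match what gcc.c consumes: this header defines `GENTOO_HARDENED_ASM_SPEC`, `GENTOO_HARDENED_CC1_SPEC` and `GENTOO_HARDENED_LINK_PIE_SPEC`, while the gcc.c hunks reference `GENTOO_HARDENED_GCC_ASM_SPEC`, `GENTOO_HARDENED_GCC_CPP_SPEC`, `GENTOO_HARDENED_GCC_CC1_SPEC` and `GENTOO_HARDENED_GCC_LINK_PIE_SPEC`, and there is no CPP stub at all. As written the stubs never take effect, so any configuration whose tm.h does not pull in hardened.h (a target that reassigns tm_file after the default in config.gcc, if any does) fails to compile gcc.c on undeclared identifiers — which is exactly the case the header comment says it exists for. Rename the three existing stubs to the `_GCC_` form and add `# ifndef GENTOO_HARDENED_GCC_CPP_SPEC` / `#  define GENTOO_HARDENED_GCC_CPP_SPEC ""` / `# endif`. The `#ifndef HAVE_LD_PIE` branch also force-undefines a link spec that a target header may have provided on purpose; a one-line comment on why a non-PIE linker must clear it would keep that from being "fixed" later.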