Attachment #99310 for bug #149649




/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

#ifndef LINUX_HARDENED_X86_64_H
#define LINUX_HARDENED_X86_64_H

#include "../libc-defs.h"
#include "../policy-defs.h"
#include "../specs-filters.h"

#if defined (GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL) && \
	defined (GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE)

#ifndef GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
#define GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC  " YYY " GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL " YYY " GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
#endif

#ifndef GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
#define GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC " ZZZ "
#endif

#endif

/*
 * set up the following definitions for replacing sections
 */

#ifndef GENTOO_HARDENED_GCC_ARCH_ASM_SPEC
#define GENTOO_HARDENED_GCC_ARCH_ASM_SPEC "%{filter: %{filterbla: -K PIC } }"
#endif

#ifndef GENTOO_HARDENED_GCC_ARCH_CPP_SPEC
#define GENTOO_HARDENED_GCC_ARCH_CPP_SPEC "-bla -bla"
#endif

#ifndef GENTOO_HARDENED_GCC_ARCH_CC1_SPEC
#define GENTOO_HARDENED_GCC_ARCH_CC1_SPEC "-dumdidum"
#endif

#ifndef GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC
#define GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC "%{!pie: %{!nopie: -pie} }"
#endif

#endif





/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

#ifndef LINUX_HARDENED_CALLOUTS_H
#define LINUX_HARDENED_CALLOUTS_H

#if defined(GENTOO_HARDENED_GCC_MODE) && \
	defined(GENTOO_HARDENED_GCC_MODE_CALLOUT) && \
	GENTOO_HARDENED_GCC_MODE & GENTOO_HARDENED_GCC_MODE_CALLOUT

#define GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT " %(hardened_asm_pie) "

#define GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT " %(hardened_cpp_pie) "

#define GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT " %(hardened_cc1_pie) "
#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT " %(hardened_cc1_ssp) "
#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT " %(hardened_cc1_ssp_all) "

#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT " %(hardened_link_pie) "

#else

#define GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT ""

#define GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT ""

#define GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT ""
#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT ""
#define GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT ""

#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT ""

#endif

#endif





/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

#ifndef LINUX_HARDENED_H
#define LINUX_HARDENED_H

#include "mode-defs.h"
#include "hardened-callouts.h"


#if defined (HAVE_LD_PIE) && \
	defined (GENTOO_HARDENED_GCC_MODE) && \
	defined (GENTOO_HARDENED_GCC_MODE_BUILTIN) && \
			 GENTOO_HARDENED_GCC_MODE & \
			 GENTOO_HARDENED_GCC_MODE_BUILTIN


#ifndef GENTOO_HARDENED_GCC_STARTFILE_SPEC
#ifdef GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
#define GENTOO_HARDENED_GCC_STARTFILE_SPEC GENTOO_HARDENED_GCC_ARCH_STARTFILE_SPEC
#endif
#endif

#ifndef GENTOO_HARDENED_GCC_ENDFILE_SPEC
#ifdef GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
#define GENTOO_HARDENED_GCC_ENDFILE_SPEC GENTOO_HARDENED_GCC_ARCH_ENDFILE_SPEC
#endif
#endif

#ifndef GENTOO_HARDENED_GCC_ASM_SPEC
#ifndef GENTOO_HARDENED_GCC_ARCH_ASM_SPEC
#define GENTOO_HARDENED_GCC_ASM_SPEC \
		GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT
#else
#define GENTOO_HARDENED_GCC_ASM_SPEC \
		GENTOO_HARDENED_GCC_ARCH_ASM_SPEC \
		GENTOO_HARDENED_GCC_ASM_SPEC_PIE_CALLOUT
#endif
#endif

#ifndef GENTOO_HARDENED_GCC_CPP_SPEC
#ifndef GENTOO_HARDENED_GCC_ARCH_CPP_SPEC
#define GENTOO_HARDENED_GCC_CPP_SPEC \
		GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT
#else
#define GENTOO_HARDENED_GCC_CPP_SPEC \
		GENTOO_HARDENED_GCC_ARCH_CPP_SPEC \
		GENTOO_HARDENED_GCC_CPP_SPEC_PIE_CALLOUT
#endif
#endif

#ifndef GENTOO_HARDENED_GCC_CC1_SPEC
#ifndef GENTOO_HARDENED_GCC_ARCH_CC1_SPEC
#define GENTOO_HARDENED_GCC_CC1_SPEC \
		GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT \
		GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT \
		GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT
#else
#define GENTOO_HARDENED_GCC_CC1_SPEC \
		GENTOO_HARDENED_GCC_ARCH_CC1_SPEC \
		GENTOO_HARDENED_GCC_CC1_SPEC_PIE_CALLOUT \
		GENTOO_HARDENED_GCC_CC1_SPEC_SSP_CALLOUT \
		GENTOO_HARDENED_GCC_CC1_SPEC_SSP_ALL_CALLOUT
#endif
#endif

#ifndef GENTOO_HARDENED_GCC_LINK_PIE_SPEC
#ifndef GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC
#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC \
		GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT
#else
#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC \
		GENTOO_HARDENED_GCC_ARCH_LINK_PIE_SPEC \
		GENTOO_HARDENED_GCC_LINK_PIE_SPEC_PIE_CALLOUT
#endif
#endif


#else


#undef GENTOO_HARDENED_GCC_STARTFILE_SPEC
#undef GENTOO_HARDENED_GCC_ENDFILE_SPEC

#define GENTOO_HARDENED_GCC_ASM_SPEC ""
#define GENTOO_HARDENED_GCC_CPP_SPEC ""
#define GENTOO_HARDENED_GCC_CC1_SPEC ""
#define GENTOO_HARDENED_GCC_LINK_PIE_SPEC ""


#endif


#endif





/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

/*
 * support for uclibc (when triggered in config.gcc by target) and glibc (default behaviour)
 */

#ifndef LINUX_LIBC_DEFS_H
#define LINUX_LIBC_DEFS_H

#ifdef USE_UCLIBC

#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL
#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL "UCLIBC crt1.o UCLIBC"
#endif

#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE "UCLIBC Scrt1.o UCLIBC"
#endif

#else

#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL
#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_NORMAL "crt1.o"
#endif

#ifndef GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE
#define GENTOO_HARDENED_GCC_LIBC_CRT1_NAME_PIE "Scrt1.o"
#endif

#endif

#endif





/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

#ifndef LINUX_MODE_DEFS_H
#define LINUX_MODE_DEFS_H

#define GENTOO_HARDENED_GCC_MODE_VANILLA 0
#define GENTOO_HARDENED_GCC_MODE_CALLOUT 1
#define GENTOO_HARDENED_GCC_MODE_BUILTIN 2

//#undef  GENTOO_HARDENED_GCC_MODE
//#define GENTOO_HARDENED_GCC_MODE GENTOO_HARDENED_GCC_MODE_VANILLA

// #undef  GENTOO_HARDENED_GCC_MODE
// #define GENTOO_HARDENED_GCC_MODE GENTOO_HARDENED_GCC_MODE_CALLOUT

//#undef  GENTOO_HARDENED_GCC_MODE
#define GENTOO_HARDENED_GCC_MODE 3 // GENTOO_HARDENED_GCC_MODE_BUILTIN

#endif





/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

#ifndef LINUX_POLICY_DEFS_H
#define LINUX_POLICY_DEFS_H

#define GENTOO_HARDENED_GCC_POLICY_AUTO_NONE 0
#define GENTOO_HARDENED_GCC_POLICY_AUTO_PIE 1
#define GENTOO_HARDENED_GCC_POLICY_AUTO_SSP 2
#define GENTOO_HARDENED_GCC_POLICY_AUTO_PIE_SSP 4

#undef  GENTOO_HARDENED_GCC_POLICY
#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_NONE

/* uncomment for automatic PIE building
#undef  GENTOO_HARDENED_GCC_POLICY
#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_PIE
*/

/* uncomment for automatic SSP building
#undef  GENTOO_HARDENED_GCC_POLICY
#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_SSP
*/

/* uncomment for automatic PIE SSP building
#undef  GENTOO_HARDENED_GCC_POLICY
#define GENTOO_HARDENED_GCC_POLICY GENTOO_HARDENED_GCC_POLICY_AUTO_PIE_SSP
*/

#endif


Line 0 Link Here

(-)gcc-4.1.1.GENTOO_2006-10-08/gcc/config/gentoo-hardened/specs-filters.h (+9 lines)
	1	/* Copyright 1999-2006 Gentoo Foundation */
	2	/* Distributed under the terms of the GNU General Public License v2 */
	3	/* $Header: $ */
	4
	5	#ifndef LINUX_SPECS_FILTERS_H
	6	#define LINUX_SPECS_FILTERS_H
	7
	8	#endif
	9

Lines 325-331 Link Here

(-)gcc-4.1.1.GENTOO_2006-10-08/gcc/config.gcc (-1 / +7 lines)
325	;;	325	;;
326	esac	326	esac
327		327
328	tm_file=${cpu_type}/${cpu_type}.h	328	hardened_dir="gentoo-hardened"
		329	hardened_arc="${hardened_dir}/arch/hardened-${cpu_type}.h"
		330	hardened_all="${hardened_dir}/hardened.h"
		331	hardened_gcc="${hardened_arc} ${hardened_all}"
		332
		333	tm_file="${hardened_gcc} ${cpu_type}/${cpu_type}.h"
		334
329	if test -f ${srcdir}/config/${cpu_type}/${cpu_type}-protos.h	335	if test -f ${srcdir}/config/${cpu_type}/${cpu_type}-protos.h
330	then	336	then
331	tm_p_file=${cpu_type}/${cpu_type}-protos.h	337	tm_p_file=${cpu_type}/${cpu_type}-protos.h

Lines 87-92 Link Here

(-)gcc-4.1.1.GENTOO_2006-10-08/gcc/gcc.c (-4 / +18 lines)
87	#include "gcc.h"	87	#include "gcc.h"
88	#include "flags.h"	88	#include "flags.h"
89		89
		90	#include "hardened-stubs.h"
		91
90	/* By default there is no special suffix for target executables. */	92	/* By default there is no special suffix for target executables. */
91	/* FIXME: when autoconf is fixed, remove the host check - dj */	93	/* FIXME: when autoconf is fixed, remove the host check - dj */
92	#if defined(TARGET_EXECUTABLE_SUFFIX) && defined(HOST_EXECUTABLE_SUFFIX)	94	#if defined(TARGET_EXECUTABLE_SUFFIX) && defined(HOST_EXECUTABLE_SUFFIX)
Lines 628-633 Link Here
628	"%{!shared:%{pg:gcrt0%O%s}%{!pg:%{p:mcrt0%O%s}%{!p:crt0%O%s}}}"	630	"%{!shared:%{pg:gcrt0%O%s}%{!pg:%{p:mcrt0%O%s}%{!p:crt0%O%s}}}"
629	#endif	631	#endif
630		632
		633	/* Gentoo Hardened definitions may overwrite the default specs */
		634	#ifdef GENTOO_HARDENED_GCC_STARTFILE_SPEC
		635	#undef STARTFILE_SPEC
		636	#define STARTFILE_SPEC GENTOO_HARDENED_GCC_STARTFILE_SPEC
		637	#endif
		638
631	/* config.h can define SWITCHES_NEED_SPACES to control which options	639	/* config.h can define SWITCHES_NEED_SPACES to control which options
632	require spaces between the option and the argument. */	640	require spaces between the option and the argument. */
633	#ifndef SWITCHES_NEED_SPACES	641	#ifndef SWITCHES_NEED_SPACES
Lines 639-644 Link Here
639	#define ENDFILE_SPEC ""	647	#define ENDFILE_SPEC ""
640	#endif	648	#endif
641		649
		650	/* Gentoo Hardened definitions may overwrite the default specs */
		651	#ifdef GENTOO_HARDENED_GCC_ENDFILE_SPEC
		652	#undef ENDFILE_SPEC
		653	#define ENDFILE_SPEC GENTOO_HARDENED_GCC_ENDFILE_SPEC
		654	#endif
		655
642	#ifndef LINKER_NAME	656	#ifndef LINKER_NAME
643	#define LINKER_NAME "collect2"	657	#define LINKER_NAME "collect2"
644	#endif	658	#endif
Lines 699-705 Link Here
699	#ifndef LINK_COMMAND_SPEC	713	#ifndef LINK_COMMAND_SPEC
700	#define LINK_COMMAND_SPEC "\	714	#define LINK_COMMAND_SPEC "\
701	%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\	715	%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\
702	%(linker) %l " LINK_PIE_SPEC "%X %{o} %{A} %{d} %{e} %{m} %{N} %{n} %{r}\	716	%(linker) %l " LINK_PIE_SPEC GENTOO_HARDENED_GCC_LINK_PIE_SPEC "%X %{o} %{A} %{d} %{e} %{m} %{N} %{n} %{r}\
703	%{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}\	717	%{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}\
704	%{static:} %{L*} %(mfwrap) %(link_libgcc) %o %(mflib)\	718	%{static:} %{L*} %(mfwrap) %(link_libgcc) %o %(mflib)\
705	%{fprofile-arcs\|fprofile-generate\|coverage:-lgcov}\	719	%{fprofile-arcs\|fprofile-generate\|coverage:-lgcov}\
Lines 729-740 Link Here
729	#endif	743	#endif
730		744
731	static const char *asm_debug;	745	static const char *asm_debug;
732	static const char *cpp_spec = CPP_SPEC;	746	static const char *cpp_spec = CPP_SPEC GENTOO_HARDENED_GCC_CPP_SPEC;
733	static const char *cc1_spec = CC1_SPEC;	747	static const char *cc1_spec = CC1_SPEC GENTOO_HARDENED_GCC_CC1_SPEC;
734	static const char *cc1plus_spec = CC1PLUS_SPEC;	748	static const char *cc1plus_spec = CC1PLUS_SPEC;
735	static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;	749	static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
736	static const char *link_ssp_spec = LINK_SSP_SPEC;	750	static const char *link_ssp_spec = LINK_SSP_SPEC;
737	static const char *asm_spec = ASM_SPEC;	751	static const char *asm_spec = ASM_SPEC GENTOO_HARDENED_GCC_ASM_SPEC;
738	static const char *asm_final_spec = ASM_FINAL_SPEC;	752	static const char *asm_final_spec = ASM_FINAL_SPEC;
739	static const char *link_spec = LINK_SPEC;	753	static const char *link_spec = LINK_SPEC;
740	static const char *lib_spec = LIB_SPEC;	754	static const char *lib_spec = LIB_SPEC;




/* Copyright 1999-2006 Gentoo Foundation */
/* Distributed under the terms of the GNU General Public License v2 */
/* $Header: $ */

/* list of empty hardened specs stubs needed for gcc.c */

#ifndef LINUX_HARDENED_STUBS_H
# define LINUX_HARDENED_STUBS_H
# ifndef GENTOO_HARDENED_ASM_SPEC
#  define GENTOO_HARDENED_ASM_SPEC ""
# endif
# ifndef GENTOO_HARDENED_CC1_SPEC
#  define GENTOO_HARDENED_CC1_SPEC ""
# endif
# ifndef HAVE_LD_PIE
#  ifdef GENTOO_HARDENED_LINK_PIE_SPEC
#   undef GENTOO_HARDENED_LINK_PIE_SPEC
#  endif
#  define GENTOO_HARDENED_LINK_PIE_SPEC ""
# else
#  ifndef GENTOO_HARDENED_LINK_PIE_SPEC
#   define GENTOO_HARDENED_LINK_PIE_SPEC ""
#  endif
# endif
#endif

/* no stubs for startfile/endfile replacement specs in gcc.c */


Return to bug 149649

Line 0 Link Here

(-)gcc-4.1.1.GENTOO_2006-10-08/gcc/hardened-stubs.h (+28 lines)
	1	/* Copyright 1999-2006 Gentoo Foundation */
	2	/* Distributed under the terms of the GNU General Public License v2 */
	3	/* $Header: $ */
	4
	5	/* list of empty hardened specs stubs needed for gcc.c */
	6
	7	#ifndef LINUX_HARDENED_STUBS_H
	8	# define LINUX_HARDENED_STUBS_H
	9	# ifndef GENTOO_HARDENED_ASM_SPEC
	10	# define GENTOO_HARDENED_ASM_SPEC ""
	11	# endif
	12	# ifndef GENTOO_HARDENED_CC1_SPEC
	13	# define GENTOO_HARDENED_CC1_SPEC ""
	14	# endif
	15	# ifndef HAVE_LD_PIE
	16	# ifdef GENTOO_HARDENED_LINK_PIE_SPEC
	17	# undef GENTOO_HARDENED_LINK_PIE_SPEC
	18	# endif
	19	# define GENTOO_HARDENED_LINK_PIE_SPEC ""
	20	# else
	21	# ifndef GENTOO_HARDENED_LINK_PIE_SPEC
	22	# define GENTOO_HARDENED_LINK_PIE_SPEC ""
	23	# endif
	24	# endif
	25	#endif
	26
	27	/* no stubs for startfile/endfile replacement specs in gcc.c */
	28