diff options
| author | Richard Hughes <richard@hughsie.com> | 2016-11-23 11:46:14 +0000 |
|---|---|---|
| committer | Richard Hughes <richard@hughsie.com> | 2016-11-23 11:46:14 +0000 |
| commit | 009da5bb824d71094c247058bcf5c6e1a650d0b7 (patch) | |
| tree | 1838449c5454c78d16015bbf0e2c2a5004ecd01f | |
| parent | ed4b3632fd504f4a94f0781372e6df97a3f0d362 (diff) | |
| download | appstream-glib-009da5bb824d71094c247058bcf5c6e1a650d0b7.tar.gz | |
Use full RELRO in the client executables
We could be handling untrusted content, so this seems like a good idea.
| -rw-r--r-- | client/Makefile.am | 3 | ||||
| -rw-r--r-- | configure.ac | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/client/Makefile.am b/client/Makefile.am index a363d90..6c0647f 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -38,6 +38,7 @@ appstream_util_LDADD = \ $(SOUP_LIBS) \ $(LIBARCHIVE_LIBS) appstream_util_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) appstream_util_CFLAGS = \ $(WARN_CFLAGS) @@ -53,6 +54,7 @@ appstream_builder_LDADD = \ $(SOUP_LIBS) \ $(LIBARCHIVE_LIBS) appstream_builder_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) appstream_builder_CFLAGS = \ $(WARN_CFLAGS) @@ -67,6 +69,7 @@ appstream_compose_LDADD = \ $(GDKPIXBUF_LIBS) \ $(LIBARCHIVE_LIBS) appstream_compose_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) appstream_compose_CFLAGS = \ $(WARN_CFLAGS) diff --git a/configure.ac b/configure.ac index 2cfa3b2..d02cb74 100644 --- a/configure.ac +++ b/configure.ac @@ -129,6 +129,11 @@ AX_CHECK_COMPILE_FLAG([-fPIE], AC_SUBST(PIE_CFLAGS) AC_SUBST(PIE_LDFLAGS) +# check for full RELRO (relocation read-only) support +AX_CHECK_LINK_FLAG([-Wl,-z,relro,-z,now], + [RELRO_LDFLAGS="-Wl,-z,relro,-z,now"]) +AC_SUBST([RELRO_LDFLAGS]) + # bash-completion AC_ARG_WITH([bashcompletiondir], AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]), |