diff options
| author | Nick Alcock <nick.alcock@oracle.com> | 2016-12-21 16:01:30 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2016-12-21 18:19:56 +0100 |
| commit | a547a051a93361a9ec4edf283bcebea66481fca8 (patch) | |
| tree | d5b7b93e8ff4d43d2a81fc313101824a619ab754 | |
| parent | 299613826cccad6047f3bb4b9b2db97b9c899273 (diff) | |
| download | glibc-fw/stack-protector.tar.gz | |
Enable -fstack-protector=* when requested by configure [BZ #7065]fw/stack-protector
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | Makeconfig | 8 | ||||
| -rw-r--r-- | NEWS | 4 |
3 files changed, 18 insertions, 1 deletions
@@ -1,6 +1,13 @@ 2016-12-21 Nick Alcock <nick.alcock@oracle.com> [BZ #7065] + Enable stack protectore if requested by ./configure. + * Makeconfig (+stack-protector): New variable. + (+cflags): Use it. + +2016-12-21 Nick Alcock <nick.alcock@oracle.com> + + [BZ #7065] * signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector). * sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c: (__rt_sigreturn_stub): Use inhibit_stack_protector. diff --git a/Makeconfig b/Makeconfig index 2d316accf3..0158eaa76e 100644 --- a/Makeconfig +++ b/Makeconfig @@ -807,6 +807,11 @@ endif # disable any optimization that assume default rounding mode. +math-flags = -frounding-math +# We might want to compile with some stack-protection flag. +ifneq ($(stack-protector),) ++stack-protector=$(stack-protector) +endif + # This is the program that generates makefile dependencies from C source files. # The -MP flag tells GCC >= 3.2 (which we now require) to produce dummy # targets for headers so that removed headers don't break the build. @@ -866,7 +871,8 @@ ifeq "$(strip $(+cflags))" "" +cflags := $(default_cflags) endif # $(+cflags) == "" -+cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) ++cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \ + $(+stack-protector) +gcc-nowarn := -w # Don't duplicate options if we inherited variables from the parent. @@ -89,6 +89,10 @@ Version 2.25 * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. They convert a floating-point number into string. +* Most of glibc can now be built with the stack smashing protector enabled. + It is recommended to build glibc with --enable-stack-protector=strong. + Implemented by Nick Alcock (Oracle). + * The function explicit_bzero, from OpenBSD, has been added to libc. It is intended to be used instead of memset() to erase sensitive data after use; the compiler will not optimize out calls to explicit_bzero even if they |