openldap/openldap-security-pie.patch

18 lines
740 B
Diff
Raw Normal View History

Build slapd as position-independent executable (PIE) to take an advantage of
address space layout randomization (ASLD).
Author: Thomas Woerner <twoerner@redhat.com>
diff -uNPrp openldap-2.4.23.old/servers/slapd/Makefile.in openldap-2.4.23.new/servers/slapd/Makefile.in
--- openldap-2.4.23.old/servers/slapd/Makefile.in 2010-04-13 22:23:09.000000000 +0200
+++ openldap-2.4.23.new/servers/slapd/Makefile.in 2010-08-24 15:09:08.999680712 +0200
@@ -266,7 +266,7 @@ libslapi.a: slapi/.libs/libslapi.a
cp slapi/.libs/libslapi.a .
slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
$(WRAP_LIBS)
$(RM) $(SLAPTOOLS)
for i in $(SLAPTOOLS); do \