67 lines
1.7 KiB
Diff
67 lines
1.7 KiB
Diff
commit c20c5f082162ff6c0c2931f456897334aa002e83
|
|
Author: Simo Sorce <idra@samba.org>
|
|
Date: Fri Mar 7 11:33:26 2008 -0500
|
|
|
|
Enable use of Relocations Read-Only, if supported, for enhanced security.
|
|
|
|
diff --git a/source/Makefile.in b/source/Makefile.in
|
|
index ac33a11..376d24c 100644
|
|
--- a/source/Makefile.in
|
|
+++ b/source/Makefile.in
|
|
@@ -43,8 +43,8 @@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@
|
|
|
|
EXEEXT=@EXEEXT@
|
|
AR=@AR@
|
|
-LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
|
|
-LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
|
|
+LDSHFLAGS=@LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
|
|
+LDFLAGS=@PIE_LDFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
|
|
|
|
WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
|
|
AWK=@AWK@
|
|
diff --git a/source/configure.in b/source/configure.in
|
|
index 056c0f8..f884d93 100644
|
|
--- a/source/configure.in
|
|
+++ b/source/configure.in
|
|
@@ -73,6 +73,7 @@ AC_SUBST(HOST_OS)
|
|
AC_SUBST(PICFLAG)
|
|
AC_SUBST(PIE_CFLAGS)
|
|
AC_SUBST(PIE_LDFLAGS)
|
|
+AC_SUBST(RELRO_LDFLAGS)
|
|
AC_SUBST(SHLIBEXT)
|
|
AC_SUBST(INSTALLLIBCMD_SH)
|
|
AC_SUBST(INSTALLLIBCMD_A)
|
|
@@ -1513,6 +1514,32 @@ EOF
|
|
fi
|
|
fi
|
|
|
|
+# Set defaults
|
|
+RELRO_LDFLAGS=""
|
|
+AC_ARG_ENABLE(relro, [AS_HELP_STRING([--enable-relro], [Turn on Relocations Read-Only (relro) support if available (default=yes)])])
|
|
+
|
|
+if test "x$enable_relro" != xno
|
|
+then
|
|
+ AC_CACHE_CHECK([for -Wl,-z,relro], samba_cv_relro,
|
|
+ [
|
|
+ cat > conftest.c <<EOF
|
|
+int foo;
|
|
+main () { return 0;}
|
|
+EOF
|
|
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -Wl,-z,relro -o conftest conftest.c 1>&AS_MESSAGE_LOG_FD])
|
|
+ then
|
|
+ samba_cv_relro=yes
|
|
+ else
|
|
+ samba_cv_relro=no
|
|
+ fi
|
|
+ rm -f conftest*
|
|
+ ])
|
|
+ if test x"${samba_cv_relro}" = x"yes"
|
|
+ then
|
|
+ RELRO_LDFLAGS="-Wl,-z,relro"
|
|
+ fi
|
|
+fi
|
|
+
|
|
# Assume non-shared by default and override below
|
|
BLDSHARED="false"
|
|
|