diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2018-12-06 23:45:21 +0100 |
|---|---|---|
| committer | Björn Esser <besser82@fedoraproject.org> | 2018-12-06 23:45:21 +0100 |
| commit | b8714d4e9e37cf0d511917bd5eea0e51e4a397d5 (patch) | |
| tree | e948ce2208d4419499420911b2c5164257f09ea9 /configure.ac | |
| parent | c6d1c2f95d21a59c46f9560c3eb389356a3b3ce0 (diff) | |
| download | libxcrypt-b8714d4e9e37cf0d511917bd5eea0e51e4a397d5.tar.gz libxcrypt-b8714d4e9e37cf0d511917bd5eea0e51e4a397d5.tar.bz2 libxcrypt-b8714d4e9e37cf0d511917bd5eea0e51e4a397d5.zip | |
Apply full read-only relocations to generated binaries, if supported.
The relro flag ensures that the ELF sections are reordered so that the
ELF internal data sections (.got, .dtors, etc.) precede the program's
data sections (.data and .bss) and that the non-PLT GOT is read-only.
In case of a bss or data overflow bug the relro flags protects the ELF
internal data sections from being overwritten (as the ELF sections are
reordered).
The bind-now flag tells the dynamic linker to resolve all symbols when
the program is started, or when the shared library is linked to using
dlopen, instead of deferring function call resolution to the point when
the function is first called. Together with the relro flag the bind-now
effectively re-maps the whole GOT to be read-only.
The only downside of immediate binding causing slowed down startup of
processes as the linker has to perform all relocations at startup time,
is not that much of a problem for libxcrypt, as the only external
dependency it has is the system's libc.
The resulting full read-only relocation mitigates the well known
technique of modifying a GOT entry to get control over the program
execution flow.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index a99f7b6..cf502ec 100644 --- a/configure.ac +++ b/configure.ac @@ -168,6 +168,40 @@ if test "x$ac_cv_ld_no_textrel" != xunknown; then fi AC_SUBST([TEXT_RELOC_FLAG]) +# FIXME: This only checks whether the linker accepts -Wl,-z,relro. +# It doesn't check that the switch actually does what we want it to do. +AC_CACHE_CHECK([how to link with read-only relocations], + [ac_cv_ld_relro], [ + ac_cv_ld_relro=unknown + SAVED_LDFLAGS="$LDFLAGS" + LDFLAGS="$SAVED_LDFLAGS -Wl,-z,relro" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [int i = 1;])], + [ac_cv_ld_relro=-Wl,-z,relro]) + LDFLAGS="$SAVED_LDFLAGS"]) + +RELRO_FLAG= +if test "x$ac_cv_ld_relro" != xunknown; then + RELRO_FLAG="$ac_cv_ld_relro" +fi +AC_SUBST([RELRO_FLAG]) + +# FIXME: This only checks whether the linker accepts -Wl,-z,now. +# It doesn't check that the switch actually does what we want it to do. +AC_CACHE_CHECK([how to link with immediate binding], + [ac_cv_ld_now], [ + ac_cv_ld_now=unknown + SAVED_LDFLAGS="$LDFLAGS" + LDFLAGS="$SAVED_LDFLAGS -Wl,-z,now" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [int i = 1;])], + [ac_cv_ld_now=-Wl,-z,now]) + LDFLAGS="$SAVED_LDFLAGS"]) + +BINDNOW_FLAG= +if test "x$ac_cv_ld_now" != xunknown; then + BINDNOW_FLAG="$ac_cv_ld_now" +fi +AC_SUBST([BINDNOW_FLAG]) + # FIXME: This only checks whether the compiler accepts -fno-plt. # It doesn't check that the switch actually does what we want it to do. AX_APPEND_COMPILE_FLAGS([-fno-plt], [OPTI_FLAGS]) |