author | Eric Andersen <andersen@codepoet.org> | 2004-01-02 23:34:13 +0000 |
---|---|---|
committer | Eric Andersen <andersen@codepoet.org> | 2004-01-02 23:34:13 +0000 |
commit | fb84603f8c45fdafdaa750490785fc1b15541386 (patch) | |
tree | 257c50f56dfb4d90e775b83a915ae21d9f39bb04 /extra/Configs | |
parent | cadff3f10e8f20f8db0e2878abf90fb16eba797a (diff) |
Peter S. Mazinger writes:
Hello Erik!
I have made some cosmetic changes to the files, removed the added
SCRT=-fPIC option from building the crt0.S file (but it is a requirement
to build them with -fPIC), and changed some comments. I have left the
ldso.c patch with PIE_SUPPORT ifdefs, but consider applying it w/o them
(see some earlier comment from PaX Team on this issue, as it is considered
a bug). To have it work correctly, you'll also need removing
COMPLETELY_PIC.
One thing is missing: PIE_SUPPORT should be usable only for i386 (for
now).
Also added the support for propolice protection (that works for me and
catches memcpy/strcpy attacks, but needs a special gcc version).
Thanks, Peter
Diffstat (limited to 'extra/Configs')
-rw-r--r-- | extra/Configs/Config.in | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index 8f5eee439..e175a5909 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -177,6 +177,20 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS little bit smaller and guarantee that no memory will be wasted by badly coded shared libraries. +config UCLIBC_PIE_SUPPORT + bool "Support ET_DYN in shared library loader" + select FORCE_SHAREABLE_TEXT_SEGMENTS + default n + help + If you answer Y here, the uClibc native shared library loader will + support ET_DYN/PIE executables. + It requires binutils-2.14.90.0.6 or later and the usage of the + -pie option. + More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> . + WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all + libraries have to be built with -fPIC or -fpic, and all assembler + functions must be written as position independent code (PIC). + config LDSO_LDD_SUPPORT bool "Native shared library loader 'ldd' support" depends on BUILD_UCLIBC_LDSO @@ -204,6 +218,17 @@ config UCLIBC_CTOR_DTOR then you definitely want to answer Y here. If you don't need ctors or dtors and want your binaries to be as small as possible, then answer N. + +config UCLIBC_PROPOLICE + bool "Support for propolice stack protection" + default n + help + Propolice stack protection. + More about it on <http://www.research.ibm.com/trl/projects/security/ssp> . + To be able to use it, you'll also need a propolice patched gcc, + supporting the -fstack-protector[-all] options. It is a specially patched + gcc version, were __guard and __stack_smash_handler are removed from libgcc. + Most people will answer N. config UCLIBC_PROFILING bool "Support gprof profiling" |
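Review bot: in the first hunk (@@ -177,6 +177,20 @@), `config UCLIBC_PIE_SUPPORT` has no `depends on` line, although the commit message says PIE_SUPPORT should be usable only for i386 for now and the prompt describes a feature of the shared library loader. The neighbouring `config LDSO_LDD_SUPPORT` already carries `depends on BUILD_UCLIBC_LDSO`; the new entry should have the same dependency plus a restriction to the i386 target, so it cannot be selected where the loader is not built or the architecture is not supported. The binutils-2.14.90.0.6 and `-pie` requirements are stated only in the help text, so nothing stops a build with an older toolchain; consider saying in the help what the user will see in that case.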
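Review bot: in the second hunk (@@ -204,6 +218,17 @@), the help text for `config UCLIBC_PROPOLICE` describes what the compiler must provide but not what answering Y changes in uClibc itself. It notes that `__guard` and `__stack_smash_handler` are removed from libgcc in the patched gcc, so the help should state whether this option makes libc supply those symbols, and what happens when it is enabled with a gcc that lacks the `-fstack-protector[-all]` options. Also, "were __guard" should read "where __guard", and the space before the full stop after the URL can be dropped.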