diff options
| author | Eric Andersen <andersen@codepoet.org> | 2004-01-02 23:34:13 +0000 |
|---|---|---|
| committer | Eric Andersen <andersen@codepoet.org> | 2004-01-02 23:34:13 +0000 |
| commit | fb84603f8c45fdafdaa750490785fc1b15541386 (patch) | |
| tree | 257c50f56dfb4d90e775b83a915ae21d9f39bb04 /extra | |
| parent | cadff3f10e8f20f8db0e2878abf90fb16eba797a (diff) | |
Peter S. Mazinger writes:
Hello Erik!
I have made some cosmetical changes to the files, removed the added
SCRT=-fPIC option from building the crt0.S file (but it is a requirement
to build them with -fPIC), and changed some comments. I have left the
ldso.c patch with PIE_SUPPORT ifdefs, but consider applying it w/o them
(see some earlier comment from PaX Team on this issue, as it is considered
a bug). To have it work correctly, you'll also need removing
COMPLETELY_PIC.
One thing is missing: PIE_SUPPORT should be usable only for i386 (for
now).
Also added the support for propolice protection (that works for me and
catches memcpy/strcpy attacks (but needs a special gcc version).
Thanks, Peter
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/Configs/Config.in | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index 8f5eee439..e175a5909 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -177,6 +177,20 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS little bit smaller and guarantee that no memory will be wasted by badly coded shared libraries. +config UCLIBC_PIE_SUPPORT + bool "Support ET_DYN in shared library loader" + select FORCE_SHAREABLE_TEXT_SEGMENTS + default n + help + If you answer Y here, the uClibc native shared library loader will + support ET_DYN/PIE executables. + It requires binutils-2.14.90.0.6 or later and the usage of the + -pie option. + More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> . + WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all + libraries have to be built with -fPIC or -fpic, and all assembler + functions must be written as position independent code (PIC). + config LDSO_LDD_SUPPORT bool "Native shared library loader 'ldd' support" depends on BUILD_UCLIBC_LDSO @@ -204,6 +218,17 @@ config UCLIBC_CTOR_DTOR then you definitely want to answer Y here. If you don't need ctors or dtors and want your binaries to be as small as possible, then answer N. + +config UCLIBC_PROPOLICE + bool "Support for propolice stack protection" + default n + help + Propolice stack protection. + More about it on <http://www.research.ibm.com/trl/projects/security/ssp> . + To be able to use it, you'll also need a propolice patched gcc, + supporting the -fstack-protector[-all] options. It is a specially patched + gcc version, were __guard and __stack_smash_handler are removed from libgcc. + Most people will answer N. config UCLIBC_PROFILING bool "Support gprof profiling" |