diff options
-rw-r--r-- | Rules.mak | 2 | ||||
-rw-r--r-- | debian/config | 2 | ||||
-rw-r--r-- | extra/Configs/Config.frv.default | 2 | ||||
-rw-r--r-- | extra/Configs/Config.in | 17 | ||||
-rw-r--r-- | libc/misc/internals/__uClibc_main.c | 4 | ||||
-rw-r--r-- | libc/sysdeps/linux/common/Makefile | 2 |
6 files changed, 18 insertions, 11 deletions
@@ -232,7 +232,7 @@ LDPIEFLAG= endif SSP_DISABLE_FLAGS=$(call check_gcc,-fno-stack-protector,) -ifeq ($(UCLIBC_PROPOLICE),y) +ifeq ($(UCLIBC_BUILD_SSP),y) SSP_CFLAGS=$(call check_gcc,-fno-stack-protector-all,) SSP_CFLAGS+=$(call check_gcc,-fstack-protector,) SSP_ALL_CFLAGS=$(call check_gcc,-fstack-protector-all,) diff --git a/debian/config b/debian/config index bed3b700f..4ee9f789f 100644 --- a/debian/config +++ b/debian/config @@ -43,7 +43,7 @@ BUILD_UCLIBC_LDSO=y # UCLIBC_BUILD_PIE is not set LDSO_LDD_SUPPORT=y UCLIBC_CTOR_DTOR=y -# UCLIBC_PROPOLICE is not set +# UCLIBC_HAS_SSP is not set # HAS_NO_THREADS is not set UCLIBC_HAS_THREADS=y PTHREADS_DEBUG_SUPPORT=y diff --git a/extra/Configs/Config.frv.default b/extra/Configs/Config.frv.default index ac1d0aa4e..780f865bb 100644 --- a/extra/Configs/Config.frv.default +++ b/extra/Configs/Config.frv.default @@ -54,7 +54,7 @@ LDSO_CACHE_SUPPORT=y LDSO_PRELOAD_FILE_SUPPORT=y LDSO_BASE_FILENAME="ld.so.1" UCLIBC_CTOR_DTOR=y -# UCLIBC_PROPOLICE is not set +# UCLIBC_HAS_SSP is not set # HAS_NO_THREADS is not set UCLIBC_HAS_THREADS=y PTHREADS_DEBUG_SUPPORT=y diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index 5b8283dda..e372dbfd1 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -282,21 +282,21 @@ config UCLIBC_CTOR_DTOR then you definitely want to answer Y here. If you don't need ctors or dtors and want your binaries to be as small as possible, then answer N. - -config UCLIBC_PROPOLICE + +config UCLIBC_HAS_SSP bool "Support for propolice stack protection" default n help - Propolice stack protection. + Adds propolice protection to libc (__guard and __stack_smash_handler). More about it on <http://www.research.ibm.com/trl/projects/security/ssp> . To be able to use it, you'll also need a propolice patched gcc, supporting the -fstack-protector[-all] options. It is a specially patched - gcc version, were __guard and __stack_smash_handler are removed from libgcc. + gcc version, where __guard and __stack_smash_handler are removed from libgcc. Most people will answer N. choice prompt "Propolice protection blocking signal" - depends on UCLIBC_PROPOLICE + depends on UCLIBC_HAS_SSP default PROPOLICE_BLOCK_ABRT if ! DODEBUG default PROPOLICE_BLOCK_SEGV if DODEBUG help @@ -322,6 +322,13 @@ config PROPOLICE_BLOCK_KILL endchoice +config UCLIBC_BUILD_SSP + bool "Build uClibc with propolice protection" + depends on UCLIBC_HAS_SSP + default n + help + Build all libraries and executables with propolice protection enabled. + config HAS_NO_THREADS bool default n diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c index c41f7ccf2..33fc2ec68 100644 --- a/libc/misc/internals/__uClibc_main.c +++ b/libc/misc/internals/__uClibc_main.c @@ -24,7 +24,7 @@ #include <fcntl.h> #include <sys/stat.h> #include <sys/sysmacros.h> -#ifdef __UCLIBC_PROPOLICE__ +#ifdef __UCLIBC_HAS_SSP__ extern void __guard_setup(void); #endif @@ -225,7 +225,7 @@ __uClibc_start_main(int argc, char **argv, char **envp, } #endif -#ifdef __UCLIBC_PROPOLICE__ +#ifdef __UCLIBC_HAS_SSP__ __guard_setup (); #endif diff --git a/libc/sysdeps/linux/common/Makefile b/libc/sysdeps/linux/common/Makefile index 56a65797d..d1187cb7c 100644 --- a/libc/sysdeps/linux/common/Makefile +++ b/libc/sysdeps/linux/common/Makefile @@ -57,7 +57,7 @@ CSRC= __rt_sigtimedwait.c __socketcall.c __syscall_fcntl.c \ ifneq ($(strip $(EXCLUDE_BRK)),y) CSRC+=sbrk.c endif -ifeq ($(strip $(UCLIBC_PROPOLICE)),y) +ifeq ($(strip $(UCLIBC_HAS_SSP)),y) CSRC+=ssp.c endif |