Diffstat (limited to 'extra')
-rw-r--r--extra/Configs/Config.in31
-rwxr-xr-xextra/scripts/fix_includes.sh19
2 files changed, 46 insertions, 4 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in
index be80a3a7d..02eba213a 100644
--- a/extra/Configs/Config.in
+++ b/extra/Configs/Config.in
@@ -201,13 +201,14 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS
config UCLIBC_PIE_SUPPORT
bool "Support ET_DYN in shared library loader"
select FORCE_SHAREABLE_TEXT_SEGMENTS
+ select UCLIBC_COMPLETELY_PIC
default n
help
If you answer Y here, the uClibc native shared library loader will
support ET_DYN/PIE executables.
It requires binutils-2.14.90.0.6 or later and the usage of the
-pie option.
- More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> .
+ More about ET_DYN/PIE binaries on <http://pax.grsecurity.net/> .
WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all
libraries have to be built with -fPIC or -fpic, and all assembler
functions must be written as position independent code (PIC).
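Review bot: The help text for UCLIBC_PIE_SUPPORT is now out of step with the option, because the added `select UCLIBC_COMPLETELY_PIC` is a second forced selection while the WARNING paragraph still names only FORCE_SHAREABLE_TEXT_SEGMENTS. Someone enabling PIE support should learn from the help that both options are switched on. I would reword the first warning line to `WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS and UCLIBC_COMPLETELY_PIC, so all`. The definition of UCLIBC_COMPLETELY_PIC is outside this hunk, so any extra build requirement it implies should be confirmed there.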
@@ -251,6 +252,34 @@ config UCLIBC_PROPOLICE
gcc version, were __guard and __stack_smash_handler are removed from libgcc.
Most people will answer N.
+choice
+ prompt "Propolice protection blocking signal"
+ depends on UCLIBC_PROPOLICE
+ default PROPOLICE_BLOCK_ABRT if ! DODEBUG
+ default PROPOLICE_BLOCK_SEGV if DODEBUG
+ help
+ "abort" use SIGABRT to block offending programs.
+ This is the default implementation.
+
+ "segfault" use SIGSEGV to block offending programs.
+ Use this for debugging.
+
+ "kill" use SIGKILL to block offending programs.
+ Perhaps the best for security.
+
+ If unsure, answer "abort".
+
+config PROPOLICE_BLOCK_ABRT
+ bool "abort"
+
+config PROPOLICE_BLOCK_SEGV
+ bool "segfault"
+
+config PROPOLICE_BLOCK_KILL
+ bool "kill"
+
+endchoice
+
config HAS_NO_THREADS
bool
default n
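Review bot: The choice help calls "kill" `Perhaps the best for security.` without giving a reason, so a user cannot weigh it against the default "abort". The relevant difference is that SIGKILL cannot be caught, blocked or ignored and writes no core dump, whereas SIGABRT and SIGSEGV can have handlers installed by the program and may leave a core file. I would replace that line with `SIGKILL cannot be caught or ignored and leaves no core dump, so no program code runs after a smashed stack is detected.` and add to the "abort" entry `May write a core dump, which helps diagnosis but can contain sensitive memory.` Whether the handler resets the signal disposition before raising it is not visible in this hunk, so the wording should be checked against the implementation.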
diff --git a/extra/scripts/fix_includes.sh b/extra/scripts/fix_includes.sh
index ae25267d8..4930ff7e5 100755
--- a/extra/scripts/fix_includes.sh
+++ b/extra/scripts/fix_includes.sh
@@ -59,10 +59,10 @@ while [ -n "$1" ]; do
esac;
done;
-if [ ! -f "$KERNEL_SOURCE/Makefile" ]; then
+if [ ! -f "$KERNEL_SOURCE/Makefile" -a ! -f "$KERNEL_SOURCE/include/linux/version.h" ]; then
echo "";
echo "";
- echo "The file $KERNEL_SOURCE/Makefile is missing!";
+ echo "The file $KERNEL_SOURCE/Makefile or $KERNEL_SOURCE/include/linux/version.h is missing!";
echo "Perhaps your kernel source is broken?"
echo "";
echo "";
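Review bot: The new error text says `Makefile or ... version.h is missing!`, but the condition on the changed `if` line is true only when both files are absent, so the message misstates what was checked. I would word it as `echo "Neither $KERNEL_SOURCE/Makefile nor $KERNEL_SOURCE/include/linux/version.h was found!";`. The `-a` operator inside `[ ]` is marked obsolescent by POSIX and can be parsed ambiguously; `if [ ! -f "$KERNEL_SOURCE/Makefile" ] && [ ! -f "$KERNEL_SOURCE/include/linux/version.h" ]; then` is the portable form. The body of this `if` continues past the end of the hunk.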
@@ -78,8 +78,21 @@ if [ ! -d "$KERNEL_SOURCE" ]; then
exit 1;
fi;
-# set current VERSION, PATCHLEVEL, SUBLEVEL, EXTERVERSION
+if [ -f "$KERNEL_SOURCE/Makefile" ] ; then
+# set current VERSION, PATCHLEVEL, SUBLEVEL, EXTRAVERSION
eval `sed -n -e 's/^\([A-Z]*\) = \([0-9]*\)$/\1=\2/p' -e 's/^\([A-Z]*\) = \(-[-a-z0-9]*\)$/\1=\2/p' $KERNEL_SOURCE/Makefile`
+else
+ver=`grep UTS_RELEASE $KERNEL_SOURCE/include/linux/version.h | cut -d '"' -f 2`
+VERSION=`echo "$ver" | cut -d '.' -f 1`
+PATCHLEVEL=`echo "$ver" | cut -d '.' -f 2`
+if echo "$ver" | grep -q '-' ; then
+SUBLEVEL=`echo "$ver" | sed "s/${VERSION}.${PATCHLEVEL}.//" | cut -d '-' -f 1`
+EXTRAVERSION=`echo "$ver" | sed "s/${VERSION}.${PATCHLEVEL}.${SUBLEVEL}-//"`
+else
+SUBLEVEL=`echo "$ver" | cut -d '.' -f 3`
+#EXTRAVERSION=
+fi
+fi
if [ -z "$VERSION" -o -z "$PATCHLEVEL" -o -z "$SUBLEVEL" ]
then
echo "Unable to determine version for kernel headers"
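Review bot: The version.h branch after `else` interpolates `${VERSION}`, `${PATCHLEVEL}` and `${SUBLEVEL}` into sed patterns unescaped and leaves `$KERNEL_SOURCE` unquoted in the grep, so a release string containing `/` or regex metacharacters, or a path with spaces, breaks the parse or matches the wrong text. It also stores EXTRAVERSION without its leading dash, while the sed expression in the Makefile branch captures the dash. With no suffix it never assigns EXTRAVERSION at all, so a value inherited from the environment would survive. Parameter expansion avoids all three, as shown below. If version.h can carry more than one UTS_RELEASE line (not visible here), the grep result would also need limiting to a single line.

```shell
# … unchanged: Makefile branch, then the else line …
ver=`grep UTS_RELEASE "$KERNEL_SOURCE/include/linux/version.h" | cut -d '"' -f 2`
# … unchanged: VERSION and PATCHLEVEL taken with cut …
rest=`echo "$ver" | cut -d '.' -f 3-`
SUBLEVEL=${rest%%[!0-9]*}
EXTRAVERSION=${rest#"$SUBLEVEL"}
```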