summaryrefslogtreecommitdiff
path: root/extra/Configs/Config.in
diff options
context:
space:
mode:
authorManuel Novoa III <mjn3@codepoet.org>2004-08-26 17:03:09 +0000
committerManuel Novoa III <mjn3@codepoet.org>2004-08-26 17:03:09 +0000
commit9d7a22d351d45808aa88224367cc1dd30e518705 (patch)
treee6b4ce1becdbc3b9b849db2c0c784a9be7001e48 /extra/Configs/Config.in
parent94a9a5a20973964c88bf91110d587eaef693f522 (diff)
Fixes from gentoo.
Diffstat (limited to 'extra/Configs/Config.in')
-rw-r--r--extra/Configs/Config.in31
1 files changed, 30 insertions, 1 deletions
diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in
index be80a3a7d..02eba213a 100644
--- a/extra/Configs/Config.in
+++ b/extra/Configs/Config.in
@@ -201,13 +201,14 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS
config UCLIBC_PIE_SUPPORT
bool "Support ET_DYN in shared library loader"
select FORCE_SHAREABLE_TEXT_SEGMENTS
+ select UCLIBC_COMPLETELY_PIC
default n
help
If you answer Y here, the uClibc native shared library loader will
support ET_DYN/PIE executables.
It requires binutils-2.14.90.0.6 or later and the usage of the
-pie option.
- More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> .
+ More about ET_DYN/PIE binaries on <http://pax.grsecurity.net/> .
WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all
libraries have to be built with -fPIC or -fpic, and all assembler
functions must be written as position independent code (PIC).
@@ -251,6 +252,34 @@ config UCLIBC_PROPOLICE
gcc version, were __guard and __stack_smash_handler are removed from libgcc.
Most people will answer N.
+choice
+ prompt "Propolice protection blocking signal"
+ depends on UCLIBC_PROPOLICE
+ default PROPOLICE_BLOCK_ABRT if ! DODEBUG
+ default PROPOLICE_BLOCK_SEGV if DODEBUG
+ help
+ "abort" use SIGABRT to block offending programs.
+ This is the default implementation.
+
+ "segfault" use SIGSEGV to block offending programs.
+ Use this for debugging.
+
+ "kill" use SIGKILL to block offending programs.
+ Perhaps the best for security.
+
+ If unsure, answer "abort".
+
+config PROPOLICE_BLOCK_ABRT
+ bool "abort"
+
+config PROPOLICE_BLOCK_SEGV
+ bool "segfault"
+
+config PROPOLICE_BLOCK_KILL
+ bool "kill"
+
+endchoice
+
config HAS_NO_THREADS
bool
default n