From 9d7a22d351d45808aa88224367cc1dd30e518705 Mon Sep 17 00:00:00 2001 From: Manuel Novoa III Date: Thu, 26 Aug 2004 17:03:09 +0000 Subject: Fixes from gentoo. --- extra/Configs/Config.in | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'extra/Configs') diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index be80a3a7d..02eba213a 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -201,13 +201,14 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS config UCLIBC_PIE_SUPPORT bool "Support ET_DYN in shared library loader" select FORCE_SHAREABLE_TEXT_SEGMENTS + select UCLIBC_COMPLETELY_PIC default n help If you answer Y here, the uClibc native shared library loader will support ET_DYN/PIE executables. It requires binutils-2.14.90.0.6 or later and the usage of the -pie option. - More about ET_DYN/PIE binaries on . + More about ET_DYN/PIE binaries on . WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all libraries have to be built with -fPIC or -fpic, and all assembler functions must be written as position independent code (PIC). @@ -251,6 +252,34 @@ config UCLIBC_PROPOLICE gcc version, were __guard and __stack_smash_handler are removed from libgcc. Most people will answer N. +choice + prompt "Propolice protection blocking signal" + depends on UCLIBC_PROPOLICE + default PROPOLICE_BLOCK_ABRT if ! DODEBUG + default PROPOLICE_BLOCK_SEGV if DODEBUG + help + "abort" use SIGABRT to block offending programs. + This is the default implementation. + + "segfault" use SIGSEGV to block offending programs. + Use this for debugging. + + "kill" use SIGKILL to block offending programs. + Perhaps the best for security. + + If unsure, answer "abort". + +config PROPOLICE_BLOCK_ABRT + bool "abort" + +config PROPOLICE_BLOCK_SEGV + bool "segfault" + +config PROPOLICE_BLOCK_KILL + bool "kill" + +endchoice + config HAS_NO_THREADS bool default n -- cgit v1.2.3