From fb84603f8c45fdafdaa750490785fc1b15541386 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Fri, 2 Jan 2004 23:34:13 +0000 Subject: Peter S. Mazinger writes: Hello Erik! I have made some cosmetical changes to the files, removed the added SCRT=-fPIC option from building the crt0.S file (but it is a requirement to build them with -fPIC), and changed some comments. I have left the ldso.c patch with PIE_SUPPORT ifdefs, but consider applying it w/o them (see some earlier comment from PaX Team on this issue, as it is considered a bug). To have it work correctly, you'll also need removing COMPLETELY_PIC. One thing is missing: PIE_SUPPORT should be usable only for i386 (for now). Also added the support for propolice protection (that works for me and catches memcpy/strcpy attacks (but needs a special gcc version). Thanks, Peter --- extra/Configs/Config.in | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'extra') diff --git a/extra/Configs/Config.in b/extra/Configs/Config.in index 8f5eee439..e175a5909 100644 --- a/extra/Configs/Config.in +++ b/extra/Configs/Config.in @@ -177,6 +177,20 @@ config FORCE_SHAREABLE_TEXT_SEGMENTS little bit smaller and guarantee that no memory will be wasted by badly coded shared libraries. +config UCLIBC_PIE_SUPPORT + bool "Support ET_DYN in shared library loader" + select FORCE_SHAREABLE_TEXT_SEGMENTS + default n + help + If you answer Y here, the uClibc native shared library loader will + support ET_DYN/PIE executables. + It requires binutils-2.14.90.0.6 or later and the usage of the + -pie option. + More about ET_DYN/PIE binaries on . + WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all + libraries have to be built with -fPIC or -fpic, and all assembler + functions must be written as position independent code (PIC). + config LDSO_LDD_SUPPORT bool "Native shared library loader 'ldd' support" depends on BUILD_UCLIBC_LDSO 
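Review bot: UCLIBC_PIE_SUPPORT has no `depends on BUILD_UCLIBC_LDSO`, although its prompt and help text describe a feature of the native shared library loader, and the next entry in this hunk, LDSO_LDD_SUPPORT, carries exactly that dependency. Without it the option can be enabled in a configuration that builds no loader, and its `select FORCE_SHAREABLE_TEXT_SEGMENTS` then forces that symbol on anyway, since `select` does not honour the selected symbol's own dependencies (which are not visible in this hunk). The commit message also says the option should be usable only on i386 for now, but the entry does not express that; a second `depends on` line naming the i386 target symbol (its name is not shown here) would stop other architectures from enabling a loader path that has not been validated for them.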
@@ -204,6 +218,17 @@ config UCLIBC_CTOR_DTOR then you definitely want to answer Y here. If you don't need ctors or dtors and want your binaries to be as small as possible, then answer N. + +config UCLIBC_PROPOLICE + bool "Support for propolice stack protection" + default n + help + Propolice stack protection. + More about it on . + To be able to use it, you'll also need a propolice patched gcc, + supporting the -fstack-protector[-all] options. It is a specially patched + gcc version, were __guard and __stack_smash_handler are removed from libgcc. + Most people will answer N. config UCLIBC_PROFILING bool "Support gprof profiling" -- cgit v1.2.3
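Review bot: The help text for UCLIBC_PROPOLICE explains the compiler requirement but never states what answering Y changes in uClibc itself. Judging from the last sentence, it presumably makes libc supply `__guard` and `__stack_smash_handler`, which the patched gcc no longer ships in libgcc; if so, a line such as `Answering Y makes uClibc provide __guard and __stack_smash_handler for code built with -fstack-protector.` should say it. Nothing in the entry checks the compiler, so the help should also tell the user what to expect when the option and the gcc in use do not match, otherwise a build may be assumed protected when it is not. In the same help text `were` should read `where`.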