aboutsummaryrefslogtreecommitdiff
path: root/INSTALL
diff options
context:
space:
mode:
authorNick Alcock <nick.alcock@oracle.com>2016-12-26 10:08:18 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-26 10:08:19 +0100
commit03baef1c9cfb396d76cae20a00aee657871e79c4 (patch)
treeed115b828293aa26c4b5f338391286b25eaa955e /INSTALL
parent81e0662e5f2c342ffa413826b7b100d56677b613 (diff)
downloadglibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar
glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.gz
glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.bz2
glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.zip
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value appropriate for the stack-protection level in use for each file in particular.
Diffstat (limited to 'INSTALL')
-rw-r--r--INSTALL11
1 files changed, 11 insertions, 0 deletions
diff --git a/INSTALL b/INSTALL
index acb622a102..104f36b0bf 100644
--- a/INSTALL
+++ b/INSTALL
@@ -135,6 +135,17 @@ will be used, and CFLAGS sets optimization options for the compiler.
'--enable-lock-elision=yes'
Enable lock elision for pthread mutexes by default.
+'--enable-stack-protector'
+'--enable-stack-protector=strong'
+'--enable-stack-protector=all'
+ Compile the C library and all other parts of the glibc package
+ (including the threading and math libraries, NSS modules, and
+ transliteration modules) using the GCC '-fstack-protector',
+ '-fstack-protector-strong' or '-fstack-protector-all' options to
+ detect stack overruns. Only the dynamic linker and a small number
+ of routines called directly from assembler are excluded from this
+ protection.
+
'--enable-pt_chown'
The file 'pt_chown' is a helper binary for 'grantpt' (*note
Pseudo-Terminals: Allocation.) that is installed setuid root to fix