diff options
author | Nick Alcock <nick.alcock@oracle.com> | 2016-12-26 10:08:18 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-12-26 10:08:19 +0100 |
commit | 03baef1c9cfb396d76cae20a00aee657871e79c4 (patch) | |
tree | ed115b828293aa26c4b5f338391286b25eaa955e /INSTALL | |
parent | 81e0662e5f2c342ffa413826b7b100d56677b613 (diff) | |
download | glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.gz glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.bz2 glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.zip |
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
Diffstat (limited to 'INSTALL')
-rw-r--r-- | INSTALL | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -135,6 +135,17 @@ will be used, and CFLAGS sets optimization options for the compiler. '--enable-lock-elision=yes' Enable lock elision for pthread mutexes by default. +'--enable-stack-protector' +'--enable-stack-protector=strong' +'--enable-stack-protector=all' + Compile the C library and all other parts of the glibc package + (including the threading and math libraries, NSS modules, and + transliteration modules) using the GCC '-fstack-protector', + '-fstack-protector-strong' or '-fstack-protector-all' options to + detect stack overruns. Only the dynamic linker and a small number + of routines called directly from assembler are excluded from this + protection. + '--enable-pt_chown' The file 'pt_chown' is a helper binary for 'grantpt' (*note Pseudo-Terminals: Allocation.) that is installed setuid root to fix |