[uClibc-cvs] uClibc/extra/Configs Config.in,1.42,1.43

Erik Andersen andersen at uclibc.org
Fri Jan 2 23:34:14 UTC 2004


Update of /var/cvs/uClibc/extra/Configs
In directory nail:/tmp/cvs-serv1058/extra/Configs

Modified Files:
	Config.in 
Log Message:
Peter S. Mazinger writes:

Hello Erik!

I have made some cosmetic changes to the files, removed the added 
SCRT=-fPIC option from building the crt0.S file (but it is a requirement 
to build them with -fPIC), and changed some comments. I have left the 
ldso.c patch with PIE_SUPPORT ifdefs, but consider applying it w/o them 
(see some earlier comment from PaX Team on this issue, as it is considered 
a bug). To have it work correctly, you'll also need to remove 
COMPLETELY_PIC.
One thing is missing: PIE_SUPPORT should be usable only for i386 (for 
now).

Also added the support for propolice protection (that works for me and 
catches memcpy/strcpy attacks, but needs a special gcc version).

Thanks, Peter



Index: Config.in
===================================================================
RCS file: /var/cvs/uClibc/extra/Configs/Config.in,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- Config.in	30 Dec 2003 10:40:47 -0000	1.42
+++ Config.in	2 Jan 2004 23:34:12 -0000	1.43
@@ -177,6 +177,20 @@
 	  little bit smaller and guarantee that no memory will be wasted by badly
 	  coded shared libraries.
 
+config UCLIBC_PIE_SUPPORT
+	bool "Support ET_DYN in shared library loader"
+	select FORCE_SHAREABLE_TEXT_SEGMENTS
+	default n
+	help
+	  If you answer Y here, the uClibc native shared library loader will
+	  support ET_DYN/PIE executables.
+	  It requires binutils-2.14.90.0.6 or later and the usage of the
+	  -pie option.
+	  More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> .
+	  WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all
+		libraries have to be built with -fPIC or -fpic, and all assembler
+		functions must be written as position independent code (PIC).
+
 config LDSO_LDD_SUPPORT
 	bool "Native shared library loader 'ldd' support"
 	depends on BUILD_UCLIBC_LDSO
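
Review bot: UCLIBC_PIE_SUPPORT is declared without any `depends on` line, although the commit message says PIE_SUPPORT should be usable only for i386 for now and the prompt is about the shared library loader. Consider adding `depends on BUILD_UCLIBC_LDSO`, as LDSO_LDD_SUPPORT directly below does, together with an i386 restriction; as written, `select FORCE_SHAREABLE_TEXT_SEGMENTS` turns that symbol on for any configuration that answers Y here, whatever the target. The three WARNING lines in the help text are also indented with an extra tab, unlike the rest of the help body.
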
@@ -204,6 +218,17 @@
 	  then you definitely want to answer Y here.  If you don't need ctors
 	  or dtors and want your binaries to be as small as possible, then
 	  answer N.
+	  
+config UCLIBC_PROPOLICE
+	bool "Support for propolice stack protection"
+	default n
+	help
+	  Propolice stack protection.
+	  More about it on <http://www.research.ibm.com/trl/projects/security/ssp> .
+	  To be able to use it, you'll also need a propolice patched gcc,
+	  supporting the -fstack-protector[-all] options. It is a specially patched
+	  gcc version, were __guard and __stack_smash_handler are removed from libgcc.
+	  Most people will answer N.
 
 config UCLIBC_PROFILING
 	bool "Support gprof profiling"
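
Review bot: the help for UCLIBC_PROPOLICE says a propolice-patched gcc with `-fstack-protector[-all]` is required, but the entry has no dependency or note on what happens when Y is chosen with an unpatched compiler, and it does not say which of the two flags the build will use. Please state both in the help text so the option cannot be mistaken for protection that is active on any toolchain. Two smaller points: "were __guard and __stack_smash_handler are removed" should read "where", and the added separator line after "answer N." contains only whitespace and should be empty.
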



