[uClibc-cvs] uClibc/extra/Configs Config.in,1.42,1.43
Erik Andersen
andersen at uclibc.org
Fri Jan 2 23:34:14 UTC 2004
Update of /var/cvs/uClibc/extra/Configs
In directory nail:/tmp/cvs-serv1058/extra/Configs
Modified Files:
Config.in
Log Message:
Peter S. Mazinger writes:
Hello Erik!
I have made some cosmetic changes to the files, removed the added
SCRT=-fPIC option from building the crt0.S file (but it is a requirement
to build them with -fPIC), and changed some comments. I have left the
ldso.c patch with PIE_SUPPORT ifdefs, but consider applying it w/o them
(see some earlier comment from PaX Team on this issue, as it is considered
a bug). To have it work correctly, you'll also need to remove
COMPLETELY_PIC.
One thing is missing: PIE_SUPPORT should be usable only for i386 (for
now).
Also added the support for propolice protection (that works for me and
catches memcpy/strcpy attacks, but needs a special gcc version).
Thanks, Peter
Index: Config.in
===================================================================
RCS file: /var/cvs/uClibc/extra/Configs/Config.in,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- Config.in 30 Dec 2003 10:40:47 -0000 1.42
+++ Config.in 2 Jan 2004 23:34:12 -0000 1.43
@@ -177,6 +177,20 @@
little bit smaller and guarantee that no memory will be wasted by badly
coded shared libraries.
+config UCLIBC_PIE_SUPPORT
+ bool "Support ET_DYN in shared library loader"
+ select FORCE_SHAREABLE_TEXT_SEGMENTS
+ default n
+ help
+ If you answer Y here, the uClibc native shared library loader will
+ support ET_DYN/PIE executables.
+ It requires binutils-2.14.90.0.6 or later and the usage of the
+ -pie option.
+ More about ET_DYN/PIE binaries on <http://pageexec.virtualave.net/> .
+ WARNING: This option also enables FORCE_SHAREABLE_TEXT_SEGMENTS, so all
+ libraries have to be built with -fPIC or -fpic, and all assembler
+ functions must be written as position independent code (PIC).
+
config LDSO_LDD_SUPPORT
bool "Native shared library loader 'ldd' support"
depends on BUILD_UCLIBC_LDSO
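Review bot: UCLIBC_PIE_SUPPORT has no `depends on` line, while the LDSO_LDD_SUPPORT entry directly below it carries `depends on BUILD_UCLIBC_LDSO`. The prompt says the option changes the shared library loader, so it should depend on BUILD_UCLIBC_LDSO as well; as far as this hunk shows, it can otherwise be enabled in a build without the loader and still turn FORCE_SHAREABLE_TEXT_SEGMENTS on through `select`. The log message also says PIE_SUPPORT should be usable only for i386 for now, and nothing in the entry enforces that, so an architecture dependency belongs here before other targets can enable it. The help text would be clearer if it said which tool the `-pie` option is passed to.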
@@ -204,6 +218,17 @@
then you definitely want to answer Y here. If you don't need ctors
or dtors and want your binaries to be as small as possible, then
answer N.
+
+config UCLIBC_PROPOLICE
+ bool "Support for propolice stack protection"
+ default n
+ help
+ Propolice stack protection.
+ More about it on <http://www.research.ibm.com/trl/projects/security/ssp> .
+ To be able to use it, you'll also need a propolice patched gcc,
+ supporting the -fstack-protector[-all] options. It is a specially patched
+ gcc version, were __guard and __stack_smash_handler are removed from libgcc.
+ Most people will answer N.
config UCLIBC_PROFILING
bool "Support gprof profiling"
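Review bot: the requirement for a propolice-patched gcc exists only in the help text of UCLIBC_PROPOLICE; the entry has just `bool`, `default n` and `help`, so nothing shown here stops the option from being enabled with a compiler that lacks -fstack-protector. Consider a build-time check of the compiler, or at least say in the help what breaks when the gcc is unpatched. The help should also state what the option changes in uClibc itself: the line about `__guard` and `__stack_smash_handler` being removed from libgcc implies the library supplies them, but that is never said, and "Propolice stack protection." only restates the prompt. Typo in that same line: "were" should be "where".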