From 9e83c9159ed41954de87dad9f3ce30c1064ddf4e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2008 11:33:26 -0500 Subject: Enable use of Relocations Read-Only, if supported, for enhanced security. (This used to be commit c20c5f082162ff6c0c2931f456897334aa002e83) --- source3/Makefile.in | 4 ++-- source3/configure.in | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index ac33a11a1e..376d24ca2f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -43,8 +43,8 @@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@ EXEEXT=@EXEEXT@ AR=@AR@ -LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@ -LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@ +LDSHFLAGS=@LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@ +LDFLAGS=@PIE_LDFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@ WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@ AWK=@AWK@ diff --git a/source3/configure.in b/source3/configure.in index 056c0f8049..f884d9344a 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -73,6 +73,7 @@ AC_SUBST(HOST_OS) AC_SUBST(PICFLAG) AC_SUBST(PIE_CFLAGS) AC_SUBST(PIE_LDFLAGS) +AC_SUBST(RELRO_LDFLAGS) AC_SUBST(SHLIBEXT) AC_SUBST(INSTALLLIBCMD_SH) AC_SUBST(INSTALLLIBCMD_A) @@ -1513,6 +1514,32 @@ EOF fi fi +# Set defaults +RELRO_LDFLAGS="" +AC_ARG_ENABLE(relro, [AS_HELP_STRING([--enable-relro], [Turn on Relocations Read-Only (relro) support if available (default=yes)])]) + +if test "x$enable_relro" != xno +then + AC_CACHE_CHECK([for -Wl,-z,relro], samba_cv_relro, + [ + cat > conftest.c <&AS_MESSAGE_LOG_FD]) + then + samba_cv_relro=yes + else + samba_cv_relro=no + fi + rm -f conftest* + ]) + if test x"${samba_cv_relro}" = x"yes" + then + RELRO_LDFLAGS="-Wl,-z,relro" + fi +fi + # Assume non-shared by default and override below BLDSHARED="false" -- cgit