From 191e6b9441d6789ecc16a3a80eb36ec5b410c083 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 5 Jul 2013 08:13:56 +0200 Subject: waf: Build with RELRO if supported by the compiler. Make sure we create binaries with full RELocation Read-Only support. See https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for more details. The default is to check if the compiler supports RELRO and then enable it. Specifying '--with-relro' will make it mandatory and '--without-relro' will disable it. Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison --- buildtools/wafsamba/wafsamba.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'buildtools') diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index aaa09392f1..caa6fb128d 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -348,6 +348,8 @@ def SAMBA_BINARY(bld, binname, source, if bld.env['ENABLE_PIE'] == True: pie_cflags += ' -fPIE' pie_ldflags.extend(TO_LIST('-pie')) + if bld.env['ENABLE_RELRO'] == True: + pie_ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now')) # first create a target for building the object files for this binary # by separating in this way, we avoid recompiling the C files -- cgit