mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 06:05:27 +00:00
f015802380
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1150999ca4
)
31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
dnl
|
|
dnl Check for support for position independent executables
|
|
dnl
|
|
dnl Copyright (C) 2013 Red Hat, Inc.
|
|
dnl
|
|
dnl This library is free software; you can redistribute it and/or
|
|
dnl modify it under the terms of the GNU Lesser General Public
|
|
dnl License as published by the Free Software Foundation; either
|
|
dnl version 2.1 of the License, or (at your option) any later version.
|
|
dnl
|
|
dnl This library is distributed in the hope that it will be useful,
|
|
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
dnl Lesser General Public License for more details.
|
|
dnl
|
|
dnl You should have received a copy of the GNU Lesser General Public
|
|
dnl License along with this library. If not, see
|
|
dnl <http://www.gnu.org/licenses/>.
|
|
dnl
|
|
|
|
AC_DEFUN([LIBVIRT_COMPILE_PIE],[
|
|
PIE_CFLAGS=
|
|
PIE_LDFLAGS=
|
|
gl_COMPILER_OPTION_IF([-fPIE -DPIE], [
|
|
PIE_CFLAGS="-fPIE -DPIE"
|
|
PIE_LDFLAGS="-pie"
|
|
])
|
|
AC_SUBST([PIE_CFLAGS])
|
|
AC_SUBST([PIE_LDFLAGS])
|
|
])
|