libvirt/m4/virt-compile-pie.m4
Daniel P. Berrange f015802380 Build all binaries with PIE
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1150999ca4)
2013-04-09 13:55:18 -06:00

31 lines
1.0 KiB
Plaintext

dnl
dnl Check for support for position independent executables
dnl
dnl Copyright (C) 2013 Red Hat, Inc.
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
dnl
AC_DEFUN([LIBVIRT_COMPILE_PIE],[
PIE_CFLAGS=
PIE_LDFLAGS=
gl_COMPILER_OPTION_IF([-fPIE -DPIE], [
PIE_CFLAGS="-fPIE -DPIE"
PIE_LDFLAGS="-pie"
])
AC_SUBST([PIE_CFLAGS])
AC_SUBST([PIE_LDFLAGS])
])