blob: 0a16cbb13fe77cfef191b80dd1215a73dcd06579 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Subject: add immediate binding and relro when enabling position independent
executables
Author: Steve Beattie <steve.beattie@canonical.com>
When enabling position independent executables (-pie) to get better
Address Space Layout Protection, using immediate binding (linking with
"-z now") gives better protection as well. Added relro to the patch as well
since it seems to have gotten lost somewhere (ScottK/2016-07-29).
---
makedefs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: postfix/makedefs
===================================================================
--- postfix.orig/makedefs
+++ postfix/makedefs
@@ -1219,7 +1219,7 @@ case "$pie" in
case " $CCARGS " in
*" $CCARGS_PIE "*) CCARGS_PIE=;;
esac
- SYSLIBS_PIE="-pie";;
+ SYSLIBS_PIE="-pie -z relro -z now";;
""|no) ;;
*) error "Specify \"pie=yes\" or \"pie=no\"";;
esac
|
