summaryrefslogtreecommitdiffstats
path: root/m4/pie.m4
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 13:14:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 13:14:46 +0000
commit025c439e829e0db9ac511cd9c1b8d5fd53475ead (patch)
treefa6986b4690f991613ffb97cea1f6942427baf5d /m4/pie.m4
parentInitial commit. (diff)
downloadsudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.tar.xz
sudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.zip
Adding upstream version 1.9.15p5.upstream/1.9.15p5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'm4/pie.m4')
-rw-r--r--m4/pie.m486
1 files changed, 86 insertions, 0 deletions
diff --git a/m4/pie.m4 b/m4/pie.m4
new file mode 100644
index 0000000..f2eb470
--- /dev/null
+++ b/m4/pie.m4
@@ -0,0 +1,86 @@
+AC_DEFUN([SUDO_CHECK_PIE_SUPPORT], [
+ dnl
+ dnl Check for PIE executable support if using gcc.
+ dnl This test relies on AC_LANG_WERROR
+ dnl
+ if test -n "$GCC"; then
+ if test X"$enable_pie" = X""; then
+ case "$host_os" in
+ linux*)
+ # Attempt to build with PIE support
+ enable_pie="maybe"
+ ;;
+ esac
+ fi
+ if test X"$enable_pie" != X""; then
+ if test "$enable_pie" = "no"; then
+ AX_CHECK_COMPILE_FLAG([-fno-pie], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-pie"
+ AX_CHECK_LINK_FLAG([-nopie], [
+ PIE_CFLAGS="-fno-pie"
+ PIE_LDFLAGS="-nopie"
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+ else
+ AX_CHECK_COMPILE_FLAG([-fPIE], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fPIE"
+ _LDFLAGS="$LDFLAGS"
+ AX_CHECK_LINK_FLAG([-pie], [
+ if test "$enable_pie" = "maybe"; then
+ LDFLAGS="$LDFLAGS -pie"
+ SUDO_WORKING_PIE([enable_pie=yes], [])
+ fi
+ if test "$enable_pie" = "yes"; then
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-Wc,-fPIE -pie"
+ fi
+ ])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ])
+ fi
+ fi
+ fi
+ if test X"$enable_pie" != X"no" -a X"$with_gnu_ld" = X"no"; then
+ # Solaris 11.1 and higher ld supports PIE executables, ASLR,
+ # non-executable stack and non-executable heap.
+ case "$host_os" in
+ solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
+ # This assumes lt_prog_compiler_pic is a single flag,
+ # which is the case on Solaris.
+ if test -n "$lt_prog_compiler_pic"; then
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ AX_CHECK_LINK_FLAG([-Wl,-ztype=pie], [
+ # Try building PIE if not disabled.
+ if test X"$enable_pie" = X""; then
+ LDFLAGS="$LDFLAGS -Wl,-ztype=pie"
+ SUDO_WORKING_PIE([enable_pie=yes], [])
+ fi
+ if test "$enable_pie" = "yes"; then
+ PIE_CFLAGS="$lt_prog_compiler_pic"
+ PIE_LDFLAGS="-Wc,$lt_prog_compiler_pic -Wl,-ztype=pie"
+ fi
+ ])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ fi
+ # These flags are only valid when linking an executable
+ # so we cannot add them to HARDENING_LDFLAGS.
+ AX_CHECK_LINK_FLAG([-Wl,-zaslr], [
+ AX_APPEND_FLAG([-Wl,-zaslr], [PIE_LDFLAGS])
+ ])
+ AX_CHECK_LINK_FLAG([-Wl,-znxheap], [
+ AX_APPEND_FLAG([-Wl,-znxheap], [PIE_LDFLAGS])
+ ])
+ AX_CHECK_LINK_FLAG([-Wl,-znxstack], [
+ AX_APPEND_FLAG([-Wl,-znxstack], [PIE_LDFLAGS])
+ ])
+ ;;
+ esac
+ fi
+])