mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

On Solaris 11 and higher, tag binaries for ASLR if supported by the

Browse Source 
linker.
This commit is contained in:
Todd C. Miller 2013-05-30 09:29:36 -04:00
parent d962673a74
commit c057692da7
3 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -107,6 +107,9 @@ What's new in Sudo 1.8.7?
by default on Linux systems and verifies that a trivial test by default on Linux systems and verifies that a trivial test
program builds and runs. program builds and runs.
* On Solaris 11.1 and higher, sudo binaries will now have the
ASLR tag enabled if supported by the linker.
What's new in Sudo 1.8.6p8? What's new in Sudo 1.8.6p8?
* Terminal detection now works properly on 64-bit AIX kernels. * Terminal detection now works properly on 64-bit AIX kernels.

46
configure vendored
View File

@ -1567,8 +1567,7 @@ Optional Features:
--enable-werror Whether to enable the -Werror compiler option --enable-werror Whether to enable the -Werror compiler option
--disable-hardening Do not use compiler/linker exploit mitigation --disable-hardening Do not use compiler/linker exploit mitigation
options options
--disable-pie Do not build position independent executables, even --enable-pie Build sudo as a position independent executable.
if the compiler/linker supports them
--enable-admin-flag Whether to create a Ubuntu-style admin flag file --enable-admin-flag Whether to create a Ubuntu-style admin flag file
--disable-nls Disable natural language support using gettext --disable-nls Disable natural language support using gettext
--disable-rpath Disable passing of -Rpath to the linker --disable-rpath Disable passing of -Rpath to the linker
@ -21144,6 +21143,49 @@ fi
fi fi
fi fi
fi fi
if test "$enable_pie" != "yes"; then
# Solaris 11.1 and higher supports tagging binaries to use ASLR
case "$host_os" in
solaris2.1[1-9]|solaris2.[2-9][0-9])
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5
$as_echo_n "checking whether the linker accepts -Wl,-z,aslr... " >&6; }
if ${ax_cv_check_ldflags___Wl__z_aslr+:} false; then :
$as_echo_n "(cached) " >&6
else
ax_check_save_flags=$LDFLAGS
LDFLAGS="$LDFLAGS -Wl,-z,aslr"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ax_cv_check_ldflags___Wl__z_aslr=yes
else
ax_cv_check_ldflags___Wl__z_aslr=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$ax_check_save_flags
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5
$as_echo "$ax_cv_check_ldflags___Wl__z_aslr" >&6; }
if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes; then :
PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"
else
:
fi
;;
esac
fi
if test "$enable_hardening" != "no"; then if test "$enable_hardening" != "no"; then
if test -n "$GCC"; then if test -n "$GCC"; then

8
configure.in
View File

@ -3463,6 +3463,14 @@ if test -n "$GCC"; then
fi fi
fi fi
fi fi
if test "$enable_pie" != "yes"; then
# Solaris 11.1 and higher supports tagging binaries to use ASLR
case "$host_os" in
solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"])
;;
esac
fi
dnl dnl
dnl Check for -fstack-protector and -z relro support dnl Check for -fstack-protector and -z relro support