mirror of
https://github.com/gcc-mirror/gcc.git
synced 2024-11-21 13:40:47 +00:00
251c72a68a
This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. It is similar to the option --enable-host-shared, except that --e-h-s won't add -shared to the linker flags whereas --e-h-p will add -pie. It is different from --enable-default-pie because that option just adds an implicit -fPIE/-pie when the compiler is invoked, but the compiler itself isn't PIE. Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH regressions. When building the compiler, the build process may use various in-tree libraries; these need to be built with -fPIE so that it's possible to use them when building a PIE. For instance, when --with-included-gettext is in effect, intl object files must be compiled with -fPIE. Similarly, when building in-tree gmp, isl, mpfr and mpc, they must be compiled with -fPIE. I plan to add an option to link with -Wl,-z,now. ChangeLog: * Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and isl. * Makefile.in: Regenerate. * Makefile.tpl: Set PICFLAG. * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. c++tools/ChangeLog: * Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it. Use pic/libiberty.a if PICFLAG is set. * configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG. (--enable-host-pie): New check. * configure: Regenerate. fixincludes/ChangeLog: * Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic" build of libiberty if PICFLAG is set. * configure.ac: * configure: Regenerate. gcc/ChangeLog: * Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie. Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. * doc/install.texi: Document --enable-host-pie. gcc/d/ChangeLog: * Make-lang.in: Remove NO_PIE_CFLAGS. intl/ChangeLog: * Makefile.in: Use @PICFLAG@ in COMPILE as well. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libcody/ChangeLog: * Makefile.in: Pass LD_PICFLAG to LDFLAGS. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. libcpp/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libdecnumber/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libiberty/ChangeLog: * configure.ac: Also set shared when enable_host_pie. * configure: Regenerate. zlib/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. |
||
|---|---|---|
| c++tools | ||
| config | ||
| contrib | ||
| fixincludes | ||
| gcc | ||
| gnattools | ||
| gotools | ||
| include | ||
| INSTALL | ||
| intl | ||
| libada | ||
| libatomic | ||
| libbacktrace | ||
| libcc1 | ||
| libcody | ||
| libcpp | ||
| libdecnumber | ||
| libffi | ||
| libgcc | ||
| libgfortran | ||
| libgo | ||
| libgomp | ||
| libiberty | ||
| libitm | ||
| libobjc | ||
| libphobos | ||
| libquadmath | ||
| libsanitizer | ||
| libssp | ||
| libstdc++-v3 | ||
| libvtv | ||
| lto-plugin | ||
| maintainer-scripts | ||
| zlib | ||
| .dir-locals.el | ||
| .gitattributes | ||
| .gitignore | ||
| ABOUT-NLS | ||
| ar-lib | ||
| ChangeLog | ||
| ChangeLog.jit | ||
| ChangeLog.tree-ssa | ||
| compile | ||
| config-ml.in | ||
| config.guess | ||
| config.rpath | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| COPYING3 | ||
| COPYING3.LIB | ||
| COPYING.LIB | ||
| COPYING.RUNTIME | ||
| depcomp | ||
| install-sh | ||
| libtool-ldflags | ||
| libtool.m4 | ||
| lt~obsolete.m4 | ||
| ltgcc.m4 | ||
| ltmain.sh | ||
| ltoptions.m4 | ||
| ltsugar.m4 | ||
| ltversion.m4 | ||
| MAINTAINERS | ||
| Makefile.def | ||
| Makefile.in | ||
| Makefile.tpl | ||
| missing | ||
| mkdep | ||
| mkinstalldirs | ||
| move-if-change | ||
| multilib.am | ||
| README | ||
| symlink-tree | ||
| test-driver | ||
| ylwrap | ||
This directory contains the GNU Compiler Collection (GCC). The GNU Compiler Collection is free software. See the files whose names start with COPYING for copying permission. The manuals, and some of the runtime libraries, are under different terms; see the individual source files for details. The directory INSTALL contains copies of the installation information as HTML and plain text. The source of this information is gcc/doc/install.texi. The installation information includes details of what is included in the GCC sources and what files GCC installs. See the file gcc/doc/gcc.texi (together with other files that it includes) for usage and porting information. An online readable version of the manual is in the files gcc/doc/gcc.info*. See http://gcc.gnu.org/bugs/ for how to report bugs usefully. Copyright years on GCC source files may be listed using range notation, e.g., 1987-2012, indicating that every year in the range, inclusive, is a copyrightable year that could otherwise be listed individually.