1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00

2006-05-22 Marcus Brinkmann <marcus@g10code.de>

* configure.ac: Remove check for noexecstack and invoke
	CL_AS_NOEXECSTACK instead.

m4/
2006-05-22  Marcus Brinkmann  <marcus@g10code.de>

	* noexecstack.m4: New file.
This commit is contained in:
Marcus Brinkmann 2006-05-22 17:19:22 +00:00
parent 7596ae1f6a
commit a26d0ff496
4 changed files with 65 additions and 18 deletions

View File

@ -1,3 +1,8 @@
2006-05-22 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Remove check for noexecstack and invoke
CL_AS_NOEXECSTACK instead.
2006-05-16 Werner Koch <wk@g10code.com> 2006-05-16 Werner Koch <wk@g10code.com>
* README: Removed note for OSF5 as this is the default now. * README: Removed note for OSF5 as this is the default now.

View File

@ -109,16 +109,6 @@ dnl if test "$use_m_guard" = yes ; then
dnl AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) dnl AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
dnl fi dnl fi
# We don't have a test to check whether as(1) knows about the
# non executable stack option. Thus we provide an option to enable
# it.
AC_MSG_CHECKING([whether non excutable stack support is requested])
AC_ARG_ENABLE(noexecstack,
AC_HELP_STRING([--enable-noexecstack],
[enable non executable stack support (gcc only)]),
noexecstack_support=$enableval, noexecstack_support=no)
AC_MSG_RESULT($noexecstack_support)
# SELinux support includes tracking of sensitive files to avoid # SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself # leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested]) AC_MSG_CHECKING([whether SELinux support is requested])
@ -1287,16 +1277,9 @@ if test "$GCC" = yes; then
if test x"$_gcc_psign" = xyes ; then if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign" CFLAGS="$CFLAGS -Wno-pointer-sign"
fi fi
# Non exec stack hack. Fixme: Write a test to check whether as
# can cope with it and use the enable-noexecstack option only to
# disable it in case it is required on sime platforms.
if test "$noexecstack_support" = yes; then
NOEXECSTACK_FLAGS="-Wa,--noexecstack"
fi
fi fi
AC_SUBST(NOEXECSTACK_FLAGS)
CL_AS_NOEXECSTACK
if test "$print_egd_warning" = yes; then if test "$print_egd_warning" = yes; then
AC_MSG_WARN([[ AC_MSG_WARN([[

View File

@ -1,3 +1,7 @@
2006-05-22 Marcus Brinkmann <marcus@g10code.de>
* noexecstack.m4: New file.
2006-05-09 David Shaw <dshaw@jabberwocky.com> 2006-05-09 David Shaw <dshaw@jabberwocky.com>
* libcurl.m4: Fix mistaken AC_SUBST when curl is not found. * libcurl.m4: Fix mistaken AC_SUBST when curl is not found.

55
m4/noexecstack.m4 Normal file
View File

@ -0,0 +1,55 @@
# noexecstack.m4
dnl Copyright (C) 1995-2006 Free Software Foundation, Inc.
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library; if not, write to the Free Software
dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
dnl Checks whether the stack can be marked nonexecutable by passing an
dnl option to the C-compiler when acting on .s files. Returns that
dnl option in NOEXECSTACK_FLAGS.
dnl This macro is adapted from one found in GLIBC-2.3.5.
AC_DEFUN([CL_AS_NOEXECSTACK],[
AC_REQUIRE([AC_PROG_CC])
AC_REQUIRE([AM_PROG_AS])
AC_MSG_CHECKING([whether non excutable stack support is requested])
AC_ARG_ENABLE(noexecstack,
AC_HELP_STRING([--enable-noexecstack],
[enable non executable stack support (gcc only)]),
noexecstack_support=$enableval, noexecstack_support=no)
AC_MSG_RESULT($noexecstack_support)
AC_CACHE_CHECK([whether assembler supports --noexecstack option],
cl_cv_as_noexecstack, [dnl
cat > conftest.c <<EOF
void foo() {}
EOF
if AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS
-S -o conftest.s conftest.c >/dev/null]) \
&& grep -q .note.GNU-stack conftest.s \
&& AC_TRY_COMMAND([${CCAS} $CCASFLAGS $CPPFLAGS -Wa,--noexecstack
-c -o conftest.o conftest.s >/dev/null])
then
cl_cv_as_noexecstack=yes
else
cl_cv_as_noexecstack=no
fi
rm -f conftest*])
if test "$noexecstack_support" = yes -a "$cl_cv_as_noexecstack" = yes; then
NOEXECSTACK_FLAGS="-Wa,--noexecstack"
else
NOEXECSTACK_FLAGS=
fi
AC_SUBST(NOEXECSTACK_FLAGS)
])