Ruslan Ermilov 042df2e2da Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00

59 lines
1.4 KiB
Makefile

# $FreeBSD$
WITHOUT_SSP=
.include <bsd.own.mk>
PROG?= ld-elf.so.1
SRCS= rtld_start.S \
reloc.c rtld.c rtld_lock.c map_object.c \
malloc.c xmalloc.c debug.c libmap.c
MAN= rtld.1
CSTD?= gnu99
CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD
CFLAGS+= -I${.CURDIR}/${MACHINE_ARCH} -I${.CURDIR}
LDFLAGS+= -nostdlib -e .rtld_start
INSTALLFLAGS= -C -b
PRECIOUSPROG=
BINDIR= /libexec
SYMLINKS= ${BINDIR}/${PROG} /usr/libexec/${PROG}
MLINKS= rtld.1 ld-elf.so.1.1 \
rtld.1 ld.so.1
CFLAGS+= -fpic -DPIC
LDFLAGS+= -shared -Wl,-Bsymbolic
DPADD= ${LIBC_PIC}
LDADD= -lc_pic
.if ${MACHINE_ARCH} != "ia64"
.if ${MK_SYMVER} == "yes"
LIBCDIR= ${.CURDIR}/../../lib/libc
VERSION_DEF= ${LIBCDIR}/Versions.def
SYMBOL_MAPS= ${.CURDIR}/Symbol.map
VERSION_MAP= Version.map
LDFLAGS+= -Wl,--version-script=${VERSION_MAP}
${PROG}: ${VERSION_MAP}
.if exists(${.CURDIR}/${MACHINE_ARCH}/Symbol.map)
SYMBOL_MAPS+= ${.CURDIR}/${MACHINE_ARCH}/Symbol.map
.endif
.endif
.endif
.if exists(${.CURDIR}/${MACHINE_ARCH}/Makefile.inc)
.include "${.CURDIR}/${MACHINE_ARCH}/Makefile.inc"
.endif
# Since moving rtld-elf to /libexec, we need to create a symlink.
# Fixup the existing binary that's there so we can symlink over it.
beforeinstall:
.if exists(${DESTDIR}/usr/libexec/${PROG})
-chflags noschg ${DESTDIR}/usr/libexec/${PROG}
.endif
.PATH: ${.CURDIR}/${MACHINE_ARCH}
.include <bsd.symver.mk>
.include <bsd.prog.mk>