[PATCH 11/12] Drop explicit stack-protection of pieces of the system.
Nix
nix@esperi.org.uk
Sat Feb 20 10:25:00 GMT 2016
From: Nick Alcock <nick.alcock@oracle.com>
This is probably a bad idea: maybe we want to stack-protect some parts
of the system even when ! --enable-stack-protector. I can easily adjust
the patch to do that (though it'll mean introducing a new variable
analogous to $(stack-protector) but not ocntrolled by the configure
flag.)
But if we wanted to value consistency over security, and use the same
stack-protection configure flag to control everything, this is how we'd
do it!
("Always include at least one patch with something obviously wrong with
it.")
---
login/Makefile | 1 -
nscd/Makefile | 1 -
resolv/Makefile | 1 -
3 files changed, 3 deletions(-)
diff --git a/login/Makefile b/login/Makefile
index 9ff36d6..1a6161c 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -58,7 +58,6 @@ CFLAGS-getpt.c = -fexceptions
ifeq (yesyes,$(have-fpie)$(build-shared))
pt_chown-cflags += $(pie-ccflag)
endif
-pt_chown-cflags += $(stack-protector)
ifeq (yes,$(have-libcap))
libcap = -lcap
endif
diff --git a/nscd/Makefile b/nscd/Makefile
index 50bad32..bfd72d5 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -84,7 +84,6 @@ CPPFLAGS-nscd += -D_FORTIFY_SOURCE=2
ifeq (yesyes,$(have-fpie)$(build-shared))
CFLAGS-nscd += $(pie-ccflag)
endif
-CFLAGS-nscd += $(stack-protector)
ifeq (yesyes,$(have-fpie)$(build-shared))
LDFLAGS-nscd = -Wl,-z,now
diff --git a/resolv/Makefile b/resolv/Makefile
index 8be41d3..0395b1a 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -90,7 +90,6 @@ CPPFLAGS += -Dgethostbyname=res_gethostbyname \
-Dgetnetbyname=res_getnetbyname \
-Dgetnetbyaddr=res_getnetbyaddr
-CFLAGS-libresolv += $(stack-protector)
CFLAGS-res_hconf.c = -fexceptions
# The BIND code elicits some harmless warnings.
--
2.7.0.198.g6dd47b6
More information about the Libc-alpha
mailing list