summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorYann E. MORIN" <yann.morin.1998@anciens.enib.fr>2011-02-21 22:39:46 (GMT)
committerYann E. MORIN" <yann.morin.1998@anciens.enib.fr>2011-02-21 22:39:46 (GMT)
commitb93e67f07ca3cbca6fd3b35274208cb5dce7739e (patch)
treecf42d5b41b13e69cd46cab7a71a94819d8a150cb /config
parent6635f8cd2e6f54eb600bdb4e7413e5ae94d07e88 (diff)
libc/glibc: add fortify option
By default, recent versions of glibc and eglibc will build some functions that take format strings (eg. printf, syslog...) with run-time checks against some format string attacks. This is called a fortified build. Unfortunately, this fails somehow while building the instrumented version of syslog, with some kind of circular dependency... Disable fortified builds by default, and hide the enabling option behind EXPERIMENTAL for daring users... Signed-off-by: "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
Diffstat (limited to 'config')
-rw-r--r--config/libc/glibc-eglibc.in-common21
1 files changed, 21 insertions, 0 deletions
diff --git a/config/libc/glibc-eglibc.in-common b/config/libc/glibc-eglibc.in-common
index a901e58..6e00688 100644
--- a/config/libc/glibc-eglibc.in-common
+++ b/config/libc/glibc-eglibc.in-common
@@ -58,6 +58,27 @@ config LIBC_EXTRA_CC_ARGS
Seldom used, except for sparc64 which seems to need the flag -64
to be passed onto gcc.
+config LIBC_ENABLE_FORTIFIED_BUILD
+ bool
+ prompt "Enable fortified build (EXPERIMENTAL)"
+ depends on EXPERIMENTAL
+ default n
+ help
+ If you say 'y' here, then glibc will be using fortified versions
+ of functions with format arguments (eg. vsyslog, printf...), and
+ do a sanity check on the format at runtime, to avoid some of the
+ common format string attacks.
+
+ This is currently not supported, and will most probably result in
+ a broken build, with an error message like:
+ ../misc/syslog.c: In function '__vsyslog_chk':
+ ../misc/syslog.c:123: sorry, unimplemented: inlining failed in
+ call to 'syslog': function body not available
+
+ If you are brave enough and want to debug the issue, then say 'y'
+ here. Otherwise, be still and say 'n' (the default). ;-)
+
+
config LIBC_DISABLE_VERSIONING
bool
prompt "Disable symbols versioning"