From 864a292c05860e7bbceb37505e794edcfbb49a90 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 21 Feb 2011 16:23:24 +0000 Subject: [PATCH 1/3] Don't force use of -fPIE for the dbus-daemon if apparently supported It's a minor security benefit, but not automatically beneficial (it enables ASLR, but breaks prelinking, some buggy toolchains, and some gdb versions). Distributions who know their infrastructure works well can enable it just as easily via ./configure CFLAGS="-fPIE" LDFLAGS="-pie" without extra support from us, and that's a generic solution applicable to many packages. Similarly, don't force libdbus and libdbus-internal to be PIC: libtool knows better than we do whether that's necessary/beneficial on a particular platform. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=16621 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=27215 Bug-NB: NB#171940 --- bus/Makefile.am | 7 ++++--- configure.in | 29 ----------------------------- dbus/Makefile.am | 10 ++++++---- 3 files changed, 10 insertions(+), 36 deletions(-) diff --git a/bus/Makefile.am b/bus/Makefile.am index efa8ab5..1b07f24 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am @@ -1,8 +1,9 @@ configdir=$(sysconfdir)/dbus-1 -INCLUDES=-I$(top_srcdir) $(DBUS_BUS_CFLAGS) @PIE_CFLAGS@ \ - -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \ +INCLUDES = -I$(top_srcdir) \ + $(DBUS_BUS_CFLAGS) \ + -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \ -DDBUS_COMPILATION EFENCE= @@ -88,7 +89,7 @@ dbus_daemon_LDADD= \ $(EFENCE) \ $(DBUS_BUS_LIBS) -dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@ @PIE_LDFLAGS@ +dbus_daemon_LDFLAGS=@R_DYNAMIC_LDFLAG@ @SECTION_LDFLAGS@ LAUNCH_HELPER_SOURCES= \ $(XML_SOURCES) \ diff --git a/configure.in b/configure.in index b043018..3b48f45 100644 --- a/configure.in +++ b/configure.in @@ -1195,30 +1195,6 @@ if test "x$GCC" = "xyes"; then ;; esac - case " $CFLAGS " in - *[\ \ ]-fPIC[\ \ ]*) ;; - *) if test x$dbus_win = xno && cc_supports_flag -fPIC; then - PIC_CFLAGS="-fPIC" - if ld_supports_flag -z,relro; then - PIC_LDFLAGS="-Wl,-z,relro" - fi - fi - ;; - esac - - case " $CFLAGS " in - *[\ \ ]-fPIE[\ \ ]*) ;; - *) if test x$dbus_win = xno && cc_supports_flag -fPIE; then - PIE_CFLAGS="-fPIE" - if ld_supports_flag -z,relro; then - PIE_LDFLAGS="-pie -Wl,-z,relro" - else - PIE_LDFLAGS="-pie" - fi - fi - ;; - esac - ### Disabled warnings, and compiler flag overrides # Let's just ignore unused for now @@ -1275,11 +1251,6 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -AC_SUBST(PIC_CFLAGS) -AC_SUBST(PIC_LDFLAGS) -AC_SUBST(PIE_CFLAGS) -AC_SUBST(PIE_LDFLAGS) - if ld_supports_flag --gc-sections; then SECTION_LDFLAGS="-Wl,--gc-sections $SECTION_LDFLAGS" CFLAGS="-ffunction-sections -fdata-sections $CFLAGS" diff --git a/dbus/Makefile.am b/dbus/Makefile.am index 740def3..2e6ca1d 100644 --- a/dbus/Makefile.am +++ b/dbus/Makefile.am @@ -1,9 +1,11 @@ configdir=$(sysconfdir)/dbus-1 -INCLUDES=-I$(top_builddir) -I$(top_srcdir) $(DBUS_CLIENT_CFLAGS) @PIC_CFLAGS@ -DDBUS_COMPILATION \ - -DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \ - -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \ +INCLUDES = -I$(top_builddir) -I$(top_srcdir) \ + $(DBUS_CLIENT_CFLAGS) \ + -DDBUS_COMPILATION \ + -DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \ + -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \ -DDBUS_SESSION_CONFIG_FILE=\""$(configdir)/session.conf"\" dbusincludedir=$(includedir)/dbus-1.0/dbus @@ -261,7 +263,7 @@ noinst_LTLIBRARIES=libdbus-internal.la libdbus_1_la_CPPFLAGS= -Ddbus_1_EXPORTS libdbus_1_la_LIBADD= $(DBUS_CLIENT_LIBS) -libdbus_1_la_LDFLAGS= $(export_symbols) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@ @PIC_LDFLAGS@ +libdbus_1_la_LDFLAGS= $(export_symbols) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -no-undefined @R_DYNAMIC_LDFLAG@ libdbus_internal_la_CPPFLAGS = -DDBUS_STATIC_BUILD libdbus_internal_la_LIBADD=$(DBUS_CLIENT_LIBS) -- 1.7.4.1