From bd136c8621dc5f05d9d02eb506cc6105d32aff72 Mon Sep 17 00:00:00 2001 From: "W. Felix Handte" Date: Wed, 5 Jan 2022 14:53:22 -0500 Subject: [PATCH] Makefiles: Add `noexecstack` Options to Compilation and Linking Hopefully this marks the binary artifacts `noexecstack` even on platforms where binaries default to true. --- lib/Makefile | 1 + lib/libzstd.mk | 24 ++++++++++++++++++++++++ programs/Makefile | 2 -- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 00fc535b0e9..63fdb71ee5f 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -25,6 +25,7 @@ ifeq ($(ZSTD_LIB_DECOMPRESSION), 0) ZSTD_LIB_DEPRECATED = 0 endif + include libzstd.mk ZSTD_FILES := $(ZSTD_COMMON_FILES) $(ZSTD_LEGACY_FILES) diff --git a/lib/libzstd.mk b/lib/libzstd.mk index c04957c6fae..363ae01246e 100644 --- a/lib/libzstd.mk +++ b/lib/libzstd.mk @@ -34,6 +34,8 @@ ZSTD_NO_ASM ?= 0 # libzstd helpers ################################################################## +VOID ?= /dev/null + # Make 4.3 doesn't support '\#' anymore (https://lwn.net/Articles/810071/) NUM_SYMBOL := \# @@ -59,6 +61,28 @@ LIBVER := $(shell echo $(LIBVER_SCRIPT)) CCVER := $(shell $(CC) --version) ZSTD_VERSION?= $(LIBVER) + +ifndef ALREADY_APPENDED_NOEXECSTACK +export ALREADY_APPENDED_NOEXECSTACK := 1 +ifeq ($(shell echo "int main(int argc, char* argv[]) { (void)argc; (void)argv; return 0; }" | $(CC) -z noexecstack -x c -Werror - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1) +$(info Supports noexecstack linker flag!) +$(info $(LDFLAGS)) +LDFLAGS += -z noexecstack +$(info $(LDFLAGS)) +else +$(info Doesn't support noexecstack linker flag!) +endif +ifeq ($(shell echo | $(CC) -Wa,--noexecstack -x assembler -Werror -c - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1) +$(info Supports noexecstack assembler flag!) +$(info $(CFLAGS)) +CFLAGS += -Wa,--noexecstack +$(info $(CFLAGS)) +else +$(info Doesn't support noexecstack assembler flag!) +endif +endif + + # ZSTD_LIB_MINIFY is a helper variable that # configures a bunch of other variables to space-optimized defaults. ZSTD_LIB_MINIFY ?= 0 diff --git a/programs/Makefile b/programs/Makefile index a54900cc1e9..da848eb66bc 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -62,8 +62,6 @@ else EXT = endif -VOID = /dev/null - # thread detection NO_THREAD_MSG := ==> no threads, building without multithreading support HAVE_PTHREAD := $(shell printf '$(NUM_SYMBOL)include \nint main(void) { return 0; }' > have_pthread.c && $(CC) $(FLAGS) -o have_pthread$(EXT) have_pthread.c -pthread 2> $(VOID) && rm have_pthread$(EXT) && echo 1 || echo 0; rm have_pthread.c)