mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-24 14:18:13 +03:00
Merge pull request #239331 from pwaller/fix-pie-hardening
This commit is contained in:
commit
8bf1b878cf
@ -37,11 +37,11 @@ fi
|
||||
for flag in "${!hardeningEnableMap[@]}"; do
|
||||
case $flag in
|
||||
pie)
|
||||
if [[ ! (" $* " =~ " -shared " \
|
||||
|| " $* " =~ " -static " \
|
||||
|| " $* " =~ " -r " \
|
||||
|| " $* " =~ " -Ur " \
|
||||
|| " $* " =~ " -i ") ]]; then
|
||||
if [[ ! (" ${params[*]} " =~ " -shared " \
|
||||
|| " ${params[*]} " =~ " -static " \
|
||||
|| " ${params[*]} " =~ " -r " \
|
||||
|| " ${params[*]} " =~ " -Ur " \
|
||||
|| " ${params[*]} " =~ " -i ") ]]; then
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
|
||||
hardeningLDFlags+=('-pie')
|
||||
fi
|
||||
|
@ -71,7 +71,7 @@ for flag in "${!hardeningEnableMap[@]}"; do
|
||||
# NB: we do not use `+=` here, because PIE flags must occur before any PIC flags
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
|
||||
hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}")
|
||||
if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then
|
||||
if [[ ! (" ${params[*]} " =~ " -shared " || " ${params[*]} " =~ " -static ") ]]; then
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
|
||||
hardeningCFlags=('-pie' "${hardeningCFlags[@]}")
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user