| commit | 40d6444e91c6ab17e5e8ab01d4eece90cbc4afed | |
| author | Avi Kivity <avi@redhat.com> | |
| Tue, 15 Nov 2011 18:12:17 +0000 (15 20:12 +0200) | ||
| committer | Anthony Liguori <aliguori@us.ibm.com> | |
| Mon, 21 Nov 2011 21:05:59 +0000 (21 15:05 -0600) | ||
| tree | 12bdf76893cd40f7c552a8a27348164bc788f4f9 | treesnapshot (tar.gz zip) |
| parent | ff51a738cf487811a7890d5292c38bc30eb54e45 | commitdiff |
configure: build position independent executables on x86-Linux hosts
Change the default on x86 Linux hosts to building PIE (position
independent executables); instead of restricting the option to
user-only targets, apply it to all targets.
In addition, set the relocation sections to read-only (relro) when
available; this reduces the attack surface by disallowing changes to
relocation tables at runtime.
While PIE reduces performance and relro increases load time, it
greatly improves security, with the potential to reduce a code
execution vulnerability to a self denial of service.
Non-x86 are not changed, as they require TCG changes; neither are
non-Linux, due to lack of test coverage.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Change the default on x86 Linux hosts to building PIE (position
independent executables); instead of restricting the option to
user-only targets, apply it to all targets.
In addition, set the relocation sections to read-only (relro) when
available; this reduces the attack surface by disallowing changes to
relocation tables at runtime.
While PIE reduces performance and relro increases load time, it
greatly improves security, with the potential to reduce a code
execution vulnerability to a self denial of service.
Non-x86 are not changed, as they require TCG changes; neither are
non-Linux, due to lack of test coverage.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| configure | diffblobblamehistory |