From fd5a58980d4fc2d0f9a8ba81a5ae9490e306b2ba Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Fri, 7 Mar 2008 11:33:26 -0500
Subject: [PATCH] Enable use of Relocations Read-Only, if supported, for
 enhanced security. (cherry picked from commit
 c20c5f082162ff6c0c2931f456897334aa002e83)

---
 source/Makefile.in  |  4 ++--
 source/configure.in | 27 +++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/source/Makefile.in b/source/Makefile.in
index 95e96d54406..71b2018a5b2 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -43,8 +43,8 @@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@
 
 EXEEXT=@EXEEXT@
 AR=@AR@
-LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
-LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
+LDSHFLAGS=@LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
+LDFLAGS=@PIE_LDFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
 
 WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
 AWK=@AWK@
diff --git a/source/configure.in b/source/configure.in
index ef39d6b7376..9e17fd1d0dc 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -73,6 +73,7 @@ AC_SUBST(HOST_OS)
 AC_SUBST(PICFLAG)
 AC_SUBST(PIE_CFLAGS)
 AC_SUBST(PIE_LDFLAGS)
+AC_SUBST(RELRO_LDFLAGS)
 AC_SUBST(SHLIBEXT)
 AC_SUBST(INSTALLLIBCMD_SH)
 AC_SUBST(INSTALLLIBCMD_A)
@@ -1524,6 +1525,32 @@ EOF
 	fi
 fi
 
+# Set defaults
+RELRO_LDFLAGS=""
+AC_ARG_ENABLE(relro, [AS_HELP_STRING([--enable-relro], [Turn on Relocations Read-Only (relro) support if available (default=yes)])])
+
+if test "x$enable_relro" != xno
+then
+	AC_CACHE_CHECK([for -Wl,-z,relro], samba_cv_relro,
+	[
+		cat > conftest.c <<EOF
+int foo;
+main () { return 0;}
+EOF
+		if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -Wl,-z,relro -o conftest conftest.c 1>&AS_MESSAGE_LOG_FD])
+		then
+			samba_cv_relro=yes
+		else
+			samba_cv_relro=no
+		fi
+		rm -f conftest*
+	])
+	if test x"${samba_cv_relro}" = x"yes"
+	then
+		RELRO_LDFLAGS="-Wl,-z,relro"
+	fi
+fi
+
 # Assume non-shared by default and override below
 BLDSHARED="false"
 
-- 
2.11.4.GIT