1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
#!/usr/bin/make -f
NAME:=includes
CFLAGS += $(HARDENING_CFLAGS)
LDFLAGS += $(HARDENING_LDFLAGS)
BUILD_EXTRA=$(BUILD_TREE)/$(NAME)-disabled
include Makefile.common
$(BUILD_TREE)/$(NAME)-disabled: $(TEST_REQS)
ifeq (1,$(DEB_BUILD_HARDENING_PIE))
# Disable PIE
$(CC) \
$(filter-out $(HARDENING_DISABLE_PIE_CFLAGS_FILTER),$(CFLAGS)) \
$(filter-out $(HARDENING_DISABLE_PIE_LDFLAGS_FILTER),$(LDFLAGS)) \
-o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
endif
ifeq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
# Disable stack protector
$(CC) $(CFLAGS) $(LDFLAGS) $(HARDENING_DISABLE_STACKPROTECTOR_CFLAGS) -o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
endif
ifeq (1,$(DEB_BUILD_HARDENING_FORTIFY))
# Disable fortify
$(CC) $(CFLAGS) $(LDFLAGS) $(HARDENING_DISABLE_FORTIFY_CFLAGS) -o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
endif
ifeq (1,$(DEB_BUILD_HARDENING_RELRO))
# Disable relro
$(CC) $(CFLAGS) $(LDFLAGS) $(HARDENING_DISABLE_RELRO_LDFLAGS) -o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
endif
ifeq (1,$(DEB_BUILD_HARDENING_BINDNOW))
# Disable bindnow
$(CC) $(CFLAGS) $(LDFLAGS) $(HARDENING_DISABLE_BINDNOW_LDFLAGS) -o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
endif
# Disable everything
$(CC) \
$(filter-out $(HARDENING_DISABLE_PIE_CFLAGS_FILTER),$(CFLAGS)) \
$(filter-out $(HARDENING_DISABLE_PIE_LDFLAGS_FILTER),$(LDFLAGS)) \
$(HARDENING_DISABLE_STACKPROTECTOR_CFLAGS) \
$(HARDENING_DISABLE_FORTIFY_CFLAGS) \
$(HARDENING_DISABLE_FORMAT_CFLAGS) \
$(HARDENING_DISABLE_RELRO_LDFLAGS) \
$(HARDENING_DISABLE_BINDNOW_LDFLAGS) \
-o $@ $<
if perl ../hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi
readelf -ldW $@
|