Build all binaries with PIE

PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC). The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange
2013-04-03 11:32:15 +01:00
parent 24ca8fae64
commit 1150999ca4
5 changed files with 86 additions and 13 deletions

@@ -145,6 +145,7 @@ VERSION_SCRIPT_FLAGS=-Wl,--version-script=
AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
LIBVIRT_COMPILE_WARNINGS
LIBVIRT_COMPILE_PIE
LIBVIRT_CHECK_APPARMOR
LIBVIRT_CHECK_ATTR
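
Review bot: LIBVIRT_COMPILE_PIE is invoked unconditionally right after LIBVIRT_COMPILE_WARNINGS, so every platform and compiler that does not accept -fPIE depends entirely on the macro to detect that. The macro body is not visible in this hunk; please confirm it probes the flag with a compile and link test and leaves its output variables empty when the probe fails, rather than assuming support. The commit message also mentions only -fPIE, while the executables need -pie at link time to actually be emitted as position-independent, so it would help to state how the link flag is applied.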