public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #50295 from matthewbauer/pie

Browse Source 
Disable PIE hardening in more places
This commit is contained in:
Matthew Bauer 2018-11-13 08:10:48 -06:00 committed by GitHub
commit 79faee180b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/development/compilers/gcc/4.8/default.nix
View File

@ -177,7 +177,7 @@ stdenv.mkDerivation ({
inherit patches; inherit patches;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
outputs = [ "out" "lib" "man" "info" ]; outputs = [ "out" "lib" "man" "info" ];
setOutputFlags = false; setOutputFlags = false;

2
pkgs/development/compilers/gcc/4.9/default.nix
View File

@ -185,7 +185,7 @@ stdenv.mkDerivation ({
inherit patches; inherit patches;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
outputs = if langJava || langGo then ["out" "man" "info"] outputs = if langJava || langGo then ["out" "man" "info"]
else [ "out" "lib" "man" "info" ]; else [ "out" "lib" "man" "info" ];

2
pkgs/development/compilers/gcc/5/default.nix
View File

@ -178,7 +178,7 @@ stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev; libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
# This should kill all the stdinc frameworks that gcc and friends like to # This should kill all the stdinc frameworks that gcc and friends like to
# insert into default search paths. # insert into default search paths.

2
pkgs/development/compilers/gcc/6/default.nix
View File

@ -178,7 +178,7 @@ stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev; libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
# This should kill all the stdinc frameworks that gcc and friends like to # This should kill all the stdinc frameworks that gcc and friends like to
# insert into default search paths. # insert into default search paths.

2
pkgs/development/compilers/gcc/7/default.nix
View File

@ -149,7 +149,7 @@ stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev; libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
# This should kill all the stdinc frameworks that gcc and friends like to # This should kill all the stdinc frameworks that gcc and friends like to
# insert into default search paths. # insert into default search paths.

2
pkgs/development/compilers/gcc/8/default.nix
View File

@ -143,7 +143,7 @@ stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev; libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
# This should kill all the stdinc frameworks that gcc and friends like to # This should kill all the stdinc frameworks that gcc and friends like to
# insert into default search paths. # insert into default search paths.

2
pkgs/development/compilers/gcc/snapshot/default.nix
View File

@ -137,7 +137,7 @@ stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev; libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" ]; hardeningDisable = [ "format" "pie" ];
postPatch = postPatch =
if targetPlatform != hostPlatform || stdenv.cc.libc != null then if targetPlatform != hostPlatform || stdenv.cc.libc != null then

2
pkgs/development/tools/misc/binutils/default.nix
View File

@ -97,7 +97,7 @@ stdenv.mkDerivation rec {
then "-Wno-string-plus-int -Wno-deprecated-declarations" then "-Wno-string-plus-int -Wno-deprecated-declarations"
else "-static-libgcc"; else "-static-libgcc";
hardeningDisable = [ "format" ] ++ stdenv.lib.optional stdenv.targetPlatform.isMusl "pie"; hardeningDisable = [ "format" "pie" ];
# TODO(@Ericson2314): Always pass "--target" and always targetPrefix. # TODO(@Ericson2314): Always pass "--target" and always targetPrefix.
configurePlatforms = [ "build" "host" ] ++ stdenv.lib.optional (stdenv.targetPlatform != stdenv.hostPlatform) "target"; configurePlatforms = [ "build" "host" ] ++ stdenv.lib.optional (stdenv.targetPlatform != stdenv.hostPlatform) "target";

3
pkgs/os-specific/linux/busybox/default.nix
View File

@ -42,7 +42,8 @@ stdenv.mkDerivation rec {
sha256 = "1dzg45vgy2w1xcd3p6h8d76ykhabbvk1h0lf8yb24ikrwlv8cr4p"; sha256 = "1dzg45vgy2w1xcd3p6h8d76ykhabbvk1h0lf8yb24ikrwlv8cr4p";
}; };
hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ]; hardeningDisable = [ "format" "pie" ]
++ lib.optionals enableStatic [ "fortify" ];
patches = [ patches = [
./busybox-in-store.patch ./busybox-in-store.patch

2
pkgs/os-specific/linux/kernel/manual-config.nix
View File

@ -269,7 +269,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches
++ optionals stdenv.lib.inNixShell [ pkgconfig ncurses ] ++ optionals stdenv.lib.inNixShell [ pkgconfig ncurses ]
; ;
hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" ]; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ];
# Absolute paths for compilers avoid any PATH-clobbering issues. # Absolute paths for compilers avoid any PATH-clobbering issues.
makeFlags = commonMakeFlags ++ [ makeFlags = commonMakeFlags ++ [

2
pkgs/os-specific/linux/kexectools/default.nix
View File

@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "1ac20jws8iys9w6dpn4q3hihyx73zkabdwv3gcb779cxfrmq2k2h"; sha256 = "1ac20jws8iys9w6dpn4q3hihyx73zkabdwv3gcb779cxfrmq2k2h";
}; };
hardeningDisable = [ "format" "pic" "relro" ]; hardeningDisable = [ "format" "pic" "relro" "pie" ];
configureFlags = [ "BUILD_CC=${buildPackages.stdenv.cc.targetPrefix}cc" ]; configureFlags = [ "BUILD_CC=${buildPackages.stdenv.cc.targetPrefix}cc" ];
nativeBuildInputs = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ buildPackages.stdenv.cc ];