author | Jörg Thalheim <joerg@thalheim.io> | 2021-05-22 10:01:09 +0200 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2021-05-22 13:33:49 +0200 |
commit | 61c74e1aee1b7fb35ca3c550f57286cf85999e96 (patch) | |
tree | a842a35f56b6d6b5f6c50c4f738ac03f4e9c9802 /pkgs/development/libraries/glibc | |
parent | 3ce66c03b3f41f0944b7eafa7ecf457251ae3a04 (diff) | |
glibc: allow to build position-independent static executable
This enables ASLR on static executables, which makes them harder to exploit by providing a crt suitable for static PIEs. Does this break existing binaries? Likely not. Static-pie is only used if explicitly enabled.
Diffstat (limited to 'pkgs/development/libraries/glibc')
-rw-r--r-- | pkgs/development/libraries/glibc/common.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 0f580baba33..d1c224093bb 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -153,6 +153,8 @@ stdenv.mkDerivation ({ "--enable-add-ons" "--sysconfdir=/etc" "--enable-stackguard-randomization" + "--enable-static-pie" + "--enable-bind-now" (lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include") (lib.enableFeature profilingLibraries "profile") ] ++ lib.optionals withLinuxHeaders [ |
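Review bot: `"--enable-bind-now"` is added next to `"--enable-static-pie"` in the configure flag list, but the commit message only explains static PIE. Bind-now disables lazy binding for glibc's own installed shared objects and programs, which is a separate hardening decision with its own load-time cost, so it should get a sentence in the message or a commit of its own. Both flags are also appended unconditionally, unlike the `(lib.enableFeature profilingLibraries "profile")` line just below them; consider gating `--enable-static-pie` the same way, behind a package argument, so a platform whose toolchain cannot build static PIE can switch it off without patching this list. The message's "Likely not" on breakage would also be stronger with a note on which platforms or static packages were actually rebuilt against this change.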