r114 - trunk/text/chapter05

robert at linuxfromscratch.org robert at linuxfromscratch.org
Wed Jan 19 11:30:53 PST 2005

Author: robert
Date: 2005-01-19 12:30:53 -0700 (Wed, 19 Jan 2005)
New Revision: 114

Pass -z now,relro,combreloc on everything except static and partial linked objects. Added a couple tests for relro and now.

Modified: trunk/text/chapter05/12-gcc-native.txt
--- trunk/text/chapter05/12-gcc-native.txt	2005-01-19 17:25:00 UTC (rev 113)
+++ trunk/text/chapter05/12-gcc-native.txt	2005-01-19 19:30:53 UTC (rev 114)
@@ -94,7 +94,7 @@
 %{!static:%{!no-pie:%{!pie: -fPIC}}}
 ' >> $(gcc --print-file specs) &&
 echo '*link_pie:
-%{pie:-pie}%{!no-pie:%{!static:%{!Bstatic:%{!shared:%{!Bshareable:%{!i:%{!r:%{!pie: -pie}}}}}}} -z now -z relro -z combreloc}
+%{pie:-pie}%{!no-pie:%{!static:%{!Bstatic:%{!i:%{!r:%{!shared:%{!Bshareable:%{!pie: -pie}}} -z now -z relro -z combreloc}}}}}
 ' >> $(gcc --print-file specs)
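Review bot: In the new link_pie line the `-z now -z relro -z combreloc` flags still sit inside the outer `%{!no-pie:...}` group, so a link done with -no-pie loses BIND_NOW and RELRO along with PIE. That is a wider exclusion than the "except static and partial linked objects" stated in the log message. If the hardening flags are meant to be independent of PIE, consider giving them their own clause outside that group, for example `%{!static:%{!Bstatic:%{!i:%{!r: -z now -z relro -z combreloc}}}}`, and document in the text which switches turn them off.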
@@ -111,7 +111,7 @@
 # This program will create a buffer overflow with an array length 7. This
 # will test that -fstack-protector-all is working. It will also print the
-# __guard[] value. The __guard value should change with each run time.
+# __guard[] value. The __guard value should change with each run.
 cat > test.c << "EOF"
 #include <stdio.h>
@@ -149,18 +149,26 @@
 # system Syslog daemon should also log these events.
 # Then make sure gcc is linking to tools and is creating position independent
-# executables.
+# executables. Also make sure the GNU_RELRO, and PAX_FLAGS program headers
+# exist.
-readelf -l test{,2} | grep -e ': /tools' -e 'Shared'
+readelf -l test{,2} | grep -e ': /tools' -e 'Shared' \
 # This should return (twice):
 # Elf file type is DYN (Shared object file)
 #      [Requesting program interpreter: /tools/lib/ld-something.so]
+#  GNU_RELRO      0x000ef4 0x00001ef4 0x00001ef4 0x0010c 0x0010c R   0x1
+#  PAX_FLAGS      0x000000 0x00000000 0x00000000 0x00000 0x00000     0x4
-# This test should not return anything, this will ensure the program is
-# position independent. Checking for both 'Shared object' above, and checking
-# that there is no text relocation (TEXTREL), will make sure we will be able
-# to take full advantage of PaX kernel features.
+# There are two more things to check for. The BIND_NOW section should exist.
+# The TEXTREL section should not exist.
-readelf -d test{,2} | grep TEXTREL
+readelf -d test{,2} | grep -e 'BIND_NOW' -e 'TEXTREL'
+# This should return (twice):
+#  0x00000018 (BIND_NOW)
+# There is no way to check for combreloc. The two readelf tests should produce
+# the same results on all shared executables and libraries you build.
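Review bot: The first readelf command now ends in a trailing backslash, but the line after it is the `# This should return (twice):` comment and the grep patterns are still only ': /tools' and 'Shared', so the GNU_RELRO and PAX_FLAGS lines added to the expected output will never be printed. A continuation line such as `-e 'GNU_RELRO' -e 'PAX_FLAGS'` appears to be missing; either add it or drop the backslash. In the second test, BIND_NOW and TEXTREL are entries in the dynamic section rather than sections of their own, and because grep succeeds when either pattern matches, the comment should state explicitly that a TEXTREL line in the output is a failure.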
