Djam/coreutils
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/coreutils.git synced 2025-02-24 01:32:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
coreutils/gcc-wrapper.sh
Mikhail Novosyolov e5bb83c2f8 Harden binaries 
Before:
$ binary-security-check /bin/coreutils
./bin/coreutils: -ASLR +STACK-PROT +READ-ONLY-RELOC -IMMEDIATE-BIND ~FORTIFY-SOURCE(+memcpy,+memmove,+printf,+fprintf,+poll,+explicit_bzero,+stpcpy,+strncat,+snprintf,+fread_unlocked,+strcpy,+sprintf,+fread,!strcpy,!mempcpy,!wcstombs,!read,!poll,!readlinkat,!snprintf,!stpcpy,!fread_unlocked,!stpncpy,!memmove,!memcpy,!gethostname,!mbstowcs,!getgroups,!readlink,!fread,!strncpy,!getcwd,!wcrtomb)

After:
$ binary-security-check /bin/coreutils
/bin/coreutils: +ASLR +STACK-PROT +READ-ONLY-RELOC +IMMEDIATE-BIND ~FORTIFY-SOURCE(+memcpy,+memmove,+printf,+fprintf,+poll,+explicit_bzero,+stpcpy,+strncat,+snprintf,+fread_unlocked,+strcpy,+sprintf,+fread,!strcpy,!mempcpy,!wcstombs,!read,!poll,!readlinkat,!snprintf,!stpcpy,!fread_unlocked,!stpncpy,!memmove,!memcpy,!gethostname,!mbstowcs,!getgroups,!readlink,!fread,!strncpy,!getcwd,!wcrtomb)

(enabled ASLR and IMMEDIATE-BIND)
2024-01-22 04:45:11 +03:00

7 lines
99 B
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
add="-fPIE -pie"
if [[ "$*" =~ libstdbuf ]]; then
add=""
fi
set -x
exec gcc $add "$@"
Reference in a new issue View git blame Copy permalink