summaryrefslogtreecommitdiffstats
path: root/configure.ac
diff options
context:
space:
mode:
authorDiego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com>2009-07-07 20:51:53 +0200
committerDiego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com>2009-07-16 15:57:41 +0200
commit84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 (patch)
treea469037503d8dfc78813ba19d3b94f700bb641b1 /configure.ac
parentff252cb48d9bd827d262eb2633fecaff47c6fe5c (diff)
Remove exploitable LD_BIND_NOW hack (CVE-2009-1894).
Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, just find the correct flag for the linker to request immediate bindings (all ELF files support that option), and use that when linking the daemon. Reduce the amount of compiled and executed code as well.
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac6
1 files changed, 6 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 9c96d1c5..cc7f674a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -113,6 +113,12 @@ CC_CHECK_LDFLAGS([${tmp_ldflag}],
[VERSIONING_LDFLAGS='-Wl,-version-script=$(srcdir)/map-file'])
AC_SUBST([VERSIONING_LDFLAGS])
+dnl Use immediate (now) bindings; avoids the funky re-call in itself
+dnl the -z now syntax is lifted from Sun's linker and works with GNU's too
+dnl other linkes might be added later
+CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"])
+AC_SUBST([IMMEDIATE_LDFLAGS])
+
dnl Check for the proper way to build libraries that have no undefined
dnl symbols; on some hosts this needs to be avoided but the macro
dnl takes care of it.