From 84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 Mon Sep 17 00:00:00 2001 From: Diego Elio 'Flameeyes' Pettenò Date: Tue, 7 Jul 2009 20:51:53 +0200 Subject: Remove exploitable LD_BIND_NOW hack (CVE-2009-1894). Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, just find the correct flag for the linker to request immediate bindings (all ELF files support that option), and use that when linking the daemon. Reduce the amount of compiled and executed code as well. --- src/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/Makefile.am') diff --git a/src/Makefile.am b/src/Makefile.am index 7ebf1f8a..ac627c84 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -183,9 +183,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES) endif if FORCE_PREOPEN -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) else -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) endif ################################### -- cgit From 673112b192a9494ea96f7daca061b080db5d3977 Mon Sep 17 00:00:00 2001 From: Diego Elio 'Flameeyes' Pettenò Date: Fri, 17 Jul 2009 14:18:07 +0200 Subject: Check for support of -z nodelete LD flag, don't use it unconditionally. On non-GNU, non-Sun linkers, the -z option is often not understood; make sure that the -z nodelete option is usable before making use of it. Unbreaks build on Mac OS X. --- src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Makefile.am') diff --git a/src/Makefile.am b/src/Makefile.am index ac627c84..c022fa7c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -87,7 +87,7 @@ AM_CFLAGS = \ AM_LIBADD = $(PTHREAD_LIBS) $(INTLLIBS) AM_LDADD = $(PTHREAD_LIBS) $(INTLLIBS) -AM_LDFLAGS = -Wl,-z,nodelete +AM_LDFLAGS = $(NODELETE_LDFLAGS) if STATIC_BINS BINLDFLAGS = -static -- cgit