Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld

where we can end up crashing due to malloc() failures.  Sems OK
when Using Sun as and ld.

diff --git a/aclocal.m4 b/aclocal.m4
index 6cc5a0ed0a13607d56cc733555ccc09474ee8b47..e87c852657aec3062df9ba8428cd924dabed0684 100644 (file)
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -170,6 +170,23 @@ rm -f core core.* *.core])
 AC_MSG_RESULT($sudo_cv_func_fnmatch)
 AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])])
 
+dnl
+dnl Attempt to check for working PIE support.
+dnl This is a bit of a hack but on Solaris 10 with GNU ld and GNU as
+dnl we can end up with strange values from malloc().
+dnl A better check would be to verify that ASLR works with PIE.
+dnl
+AC_DEFUN([SUDO_WORKING_PIE],
+[AC_MSG_CHECKING([for working PIE support])
+AC_CACHE_VAL(sudo_cv_working_pie,
+[rm -f conftestdata; > conftestdata
+AC_TRY_RUN(AC_INCLUDES_DEFAULT([])
+[main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no],
+  [sudo_cv_working_pie=no])
+rm -f core core.* *.core])
+AC_MSG_RESULT($sudo_cv_working_pie)
+AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2])])
+
 dnl
 dnl check for isblank(3)
 dnl

diff --git a/configure b/configure
index 18878ef96da6790a683990cf156add795a86ab06..7f2440004e78d601cba170ae9b454dc2ad2c8a4e 100755 (executable)
--- a/configure
+++ b/configure
@@ -21091,8 +21091,40 @@ fi
 $as_echo "$ax_cv_check_ldflags___pie" >&6; }
 if test x"$ax_cv_check_ldflags___pie" = xyes; then :
 
-               PIE_CFLAGS="-fPIE"
-               PIE_LDFLAGS="-Wc,-fPIE -pie"
+               { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5
+$as_echo_n "checking for working PIE support... " >&6; }
+if ${sudo_cv_working_pie+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  rm -f conftestdata; > conftestdata
+if test "$cross_compiling" = yes; then :
+  sudo_cv_working_pie=no
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  sudo_cv_working_pie=yes
+else
+  sudo_cv_working_pie=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+rm -f core core.* *.core
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5
+$as_echo "$sudo_cv_working_pie" >&6; }
+if test $sudo_cv_working_pie = yes; then :
+
+                   PIE_CFLAGS="-fPIE"
+                   PIE_LDFLAGS="-Wc,-fPIE -pie"
+
+fi
 
 else
   :

diff --git a/configure.in b/configure.in
index e133f3306fc5413b68f7740cf334348b104acf39..0cde2c3bf9a87d9e14bc2cf675d55844710ba7f0 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -3447,8 +3447,10 @@ if test -n "$GCC"; then
            _CFLAGS="$CFLAGS"
            CFLAGS="$CFLAGS -fPIE"
            AX_CHECK_LINK_FLAG([-pie], [
-               PIE_CFLAGS="-fPIE"
-               PIE_LDFLAGS="-Wc,-fPIE -pie"
+               SUDO_WORKING_PIE([
+                   PIE_CFLAGS="-fPIE"
+                   PIE_LDFLAGS="-Wc,-fPIE -pie"
+               ], [])
            ])
            CFLAGS="$_CFLAGS"
        ])