Add configure check for building PIE executables instead of doing

it in mkpkg.

--HG--
branch : 1.7

diff --git a/INSTALL b/INSTALL
index d5c2a0b76df1e766bb1d073ad0b185867b7032bb..1a91255fc39eb98bc0a2858d954ee80432aa6f6d 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -637,6 +637,11 @@ The following options are also configurable at runtime:
        _FORTIFY_SOURCE defined to 2, building with -fstack-protector
        and linking with -zrelro, where supported.
 
+  --disable-pie
+       Disable the creation of position independent executables (PIE)
+        even when the compiler and linker support them.
+       By default, sudo will be built as a PIE where possible.
+
   --enable-admin-flag
        Enable the creation of an Ubuntu-style admin flag file
        the first time sudo is run.

diff --git a/Makefile.in b/Makefile.in
index 9adb7ef7d33675f40579aa8eb1f14a30a5431dae..7d00e121706317b31c42079311ccfe19979b674a 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -58,6 +58,10 @@ CFLAGS = @CFLAGS@
 LDFLAGS = -L. @LDFLAGS@
 SUDO_LDFLAGS = @SUDO_LDFLAGS@ $(LDFLAGS)
 
+# PIE flags
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+
 # Where to install things...
 prefix = @prefix@
 exec_prefix = @exec_prefix@
@@ -196,10 +200,10 @@ all: $(PROGS)
 .SUFFIXES: .o .c .h .l .y .lo
 
 .c.o:
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $<
 
 .c.lo:
-       $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+       $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $<
 
 libsudo.a: $(LIB_OBJS) $(COMMON_OBJS)
        $(AR) rv $@ $(LIB_OBJS) $(COMMON_OBJS)
@@ -210,16 +214,16 @@ libz.a: $(ZLIB_OBJS)
        $(RANLIB) $@
 
 sudo: libsudo.a @ZLIB_DEP@ $(SUDO_OBJS)
-       $(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
+       $(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) $(PIE_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
 
 visudo: libsudo.a $(VISUDO_OBJS)
-       $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+       $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
 
 sudoreplay: libsudo.a @ZLIB_DEP@ $(REPLAY_OBJS)
-       $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) -lsudo $(LIBS) @ZLIB@
+       $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) -lsudo $(LIBS) @ZLIB@
 
 testsudoers: $(TEST_OBJS)
-       $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+       $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
 
 sudo_noexec.lo: $(srcdir)/sudo_noexec.c
        $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
@@ -271,213 +275,213 @@ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(srcdir)/missing.h confi
 
 # Dependencies (not counting auth functions)
 aix.o: $(srcdir)/aix.c
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
 alias.o: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/redblack.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
 alloc.o: $(srcdir)/alloc.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
 audit.o: $(srcdir)/audit.c $(SUDODEP) $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
 boottime.o: $(srcdir)/boottime.c config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
 bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) $(srcdir)/bsm_audit.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
 check.o: $(srcdir)/check.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
 closefrom.o: $(srcdir)/closefrom.c config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
 defaults.o: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
 env.o: $(srcdir)/env.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
 error.o: $(srcdir)/error.c $(srcdir)/missing.h $(srcdir)/error.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
 exec.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec.c
 exec_pty.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec_pty.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec_pty.c
 fileops.o: $(srcdir)/fileops.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
 find_path.o: $(srcdir)/find_path.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
 fnmatch.o: $(srcdir)/fnmatch.c $(srcdir)/emul/fnmatch.h $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
 get_pty.o: $(srcdir)/get_pty.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/get_pty.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/get_pty.c
 getcwd.o: $(srcdir)/getcwd.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
 getdate.o: $(srcdir)/getdate.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
 getline.o: $(srcdir)/getline.c config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
 getprogname.o: $(srcdir)/getprogname.c config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
 getspwuid.o: $(srcdir)/getspwuid.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
 gettime.o: $(srcdir)/gettime.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
 glob.o: $(srcdir)/glob.c $(srcdir)/emul/glob.h $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
 goodpath.o: $(srcdir)/goodpath.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
 gram.o: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
 interfaces.o: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
 iolog.o: $(srcdir)/iolog.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/iolog.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/iolog.c
 isblank.o: $(srcdir)/isblank.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
 lbuf.o: $(srcdir)/lbuf.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
 ldap.o: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
 linux_audit.o: $(srcdir)/linux_audit.c $(SUDODEP) $(srcdir)/linux_audit.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/linux_audit.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/linux_audit.c
 list.o: $(srcdir)/list.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
 logging.o: $(srcdir)/logging.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
 logwrap.o: $(srcdir)/logwrap.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logwrap.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logwrap.c
 match.o: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
 memrchr.o: $(srcdir)/memrchr.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
 mkstemps.o: $(srcdir)/mkstemps.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemps.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemps.c
 nanosleep.o: $(srcdir)/nanosleep.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
 parse.o: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
 parse_args.o: $(srcdir)/parse_args.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse_args.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse_args.c
 pwutil.o: $(srcdir)/pwutil.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
 redblack.o: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
 secure_path.o: $(srcdir)/secure_path.c $(SUDODEP) $(srcdir)/secure_path.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/secure_path.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/secure_path.c
 set_perms.o: $(srcdir)/set_perms.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
 setsid.o: $(srcdir)/setsid.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/setsid.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/setsid.c
 sigaction.o: $(srcdir)/sigaction.c $(srcdir)/missing.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
 siglist.o: siglist.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/siglist.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/siglist.c
 snprintf.o: $(srcdir)/snprintf.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
 strcasecmp.o: $(srcdir)/strcasecmp.c $(srcdir)/missing.h  config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
 strerror.o: $(srcdir)/strerror.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
 strlcat.o: $(srcdir)/strlcat.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
 strlcpy.o: $(srcdir)/strlcpy.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
 strsignal.o: $(srcdir)/strsignal.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
 selinux.o: $(srcdir)/selinux.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
 sudo.o: $(srcdir)/sudo.c $(SUDODEP) sudo_usage.h $(srcdir)/interfaces.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
 sudoreplay.o: $(srcdir)/sudoreplay.c $(srcdir)/alloc.h $(srcdir)/missing.h $(srcdir)/error.h $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
 sudo_edit.o: $(srcdir)/sudo_edit.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
 sudo_noexec.o: $(srcdir)/sudo_noexec.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
 sudo_nss.o: $(srcdir)/sudo_nss.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
 term.o: $(srcdir)/term.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
 testsudoers.o: $(srcdir)/testsudoers.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
 tgetpass.o: $(srcdir)/tgetpass.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
 ttyname.o: $(srcdir)/ttyname.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ttyname.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ttyname.c
 ttysize.o: $(srcdir)/ttysize.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ttysize.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ttysize.c
 timestr.o: $(srcdir)/timestr.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
 toke.o: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/toke.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
 toke_util.o: $(srcdir)/toke_util.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/toke.h $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/toke_util.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/toke_util.c
 tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
 utimes.o: $(srcdir)/utimes.c $(srcdir)/missing.h $(srcdir)/emul/utime.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
 vasgroups.o: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
 visudo.o: $(srcdir)/visudo.c $(SUDODEP) $(devdir)/gram.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
 zero_bytes.o: $(srcdir)/zero_bytes.c $(srcdir)/missing.h config.h
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
 sudo_auth.o: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
 afs.o: $(authdir)/afs.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
 aix_auth.o: $(authdir)/aix_auth.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
 bsdauth.o: $(authdir)/bsdauth.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
 dce.o: $(authdir)/dce.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
 fwtk.o: $(authdir)/fwtk.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
 kerb4.o: $(authdir)/kerb4.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
 kerb5.o: $(authdir)/kerb5.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
 pam.o: $(authdir)/pam.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
 passwd.o: $(authdir)/passwd.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
 rfc1938.o: $(authdir)/rfc1938.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
 secureware.o: $(authdir)/secureware.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
 securid.o: $(authdir)/securid.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
 securid5.o: $(authdir)/securid5.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
 sia.o: $(authdir)/sia.c $(AUTHDEP)
-       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
+       $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
 
 # Zlib dependencies
 adler32.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/adler32.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/adler32.c
 compress.o: $(srcdir)/zlib/zlib.h zlib/zconf.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/compress.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/compress.c
 crc32.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/crc32.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/crc32.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/crc32.c
 deflate.o: $(srcdir)/zlib/deflate.h $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/deflate.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/deflate.c
 gzclose.o: $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/gzguts.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/gzclose.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/gzclose.c
 gzlib.o: $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/gzguts.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/gzlib.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/gzlib.c
 gzread.o: $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/gzguts.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/gzread.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/gzread.c
 gzwrite.o: $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/gzguts.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/gzwrite.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/gzwrite.c
 infback.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/inftrees.h $(srcdir)/zlib/inflate.h $(srcdir)/zlib/inffast.h $(srcdir)/zlib/inffixed.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/infback.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/infback.c
 inffast.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/inftrees.h $(srcdir)/zlib/inflate.h $(srcdir)/zlib/inffast.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/inffast.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/inffast.c
 inflate.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/inftrees.h $(srcdir)/zlib/inflate.h $(srcdir)/zlib/inffast.h $(srcdir)/zlib/inffixed.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/inflate.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/inflate.c
 inftrees.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/inftrees.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/inftrees.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/inftrees.c
 trees.o: $(srcdir)/zlib/deflate.h $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h $(srcdir)/zlib/trees.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/trees.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/trees.c
 uncompr.o: $(srcdir)/zlib/zlib.h zlib/zconf.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/uncompr.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/uncompr.c
 zutil.o: $(srcdir)/zlib/zutil.h $(srcdir)/zlib/zlib.h zlib/zconf.h
-       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(srcdir)/zlib/zutil.c
+       $(CC) -c -I. -I$(srcdir)/zlib $(CFLAGS) $(PIE_CFLAGS) $(srcdir)/zlib/zutil.c
 
 @DEV@varsub: $(srcdir)/configure.in
 @DEV@  printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#4#g\ns#@%s@#1m#g\n' SEMAN BAMAN LCMAN sysconfdir prefix mansectform mansectsu > $@; sed -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(srcdir)/configure.in | sed -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@

diff --git a/configure b/configure
index 1b6cb5abe574a8773d8975b24f257683d7a617c2..9ff8d9899906dfa9a221ecb45f56117d0c178273 100755 (executable)
--- a/configure
+++ b/configure
@@ -691,6 +691,8 @@ password_timeout
 timeout
 timedir
 iolog_dir
+PIE_CFLAGS
+PIE_LDFLAGS
 CONFIGURE_ARGS
 ZLIB_DEP
 ZLIB
@@ -867,6 +869,7 @@ enable_env_reset
 enable_warnings
 enable_werror
 enable_hardening
+enable_pie
 enable_admin_flag
 with_selinux
 enable_gss_krb5_ccache_name
@@ -1529,6 +1532,8 @@ Optional Features:
   --enable-werror         Whether to enable the -Werror compiler option
   --disable-hardening     Do not use compiler/linker exploit mitigation
                           options
+  --disable-pie           Do not build position independent executables, even
+                          if the compiler/linker supports them
   --enable-admin-flag     Whether to create a Ubuntu-style admin flag file
   --enable-gss-krb5-ccache-name
                           Use GSS-API to set the Kerberos V cred cache name
@@ -2855,6 +2860,8 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
+
+
 
 
 
@@ -5548,6 +5555,14 @@ else
 fi
 
 
+# Check whether --enable-pie was given.
+if test "${enable_pie+set}" = set; then :
+  enableval=$enable_pie;
+else
+  enable_pie=yes
+fi
+
+
 # Check whether --enable-admin-flag was given.
 if test "${enable_admin_flag+set}" = set; then :
   enableval=$enable_admin_flag;  case "$enableval" in
@@ -19845,6 +19860,87 @@ done
 
 fi
 
+if test "$enable_pie" != "no"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5
+$as_echo_n "checking whether C compiler accepts -fPIE... " >&6; }
+if ${ax_cv_check_cflags___fPIE+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+  ax_check_save_flags=$CFLAGS
+  CFLAGS="$CFLAGS  -fPIE"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ax_cv_check_cflags___fPIE=yes
+else
+  ax_cv_check_cflags___fPIE=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5
+$as_echo "$ax_cv_check_cflags___fPIE" >&6; }
+if test x"$ax_cv_check_cflags___fPIE" = xyes; then :
+
+       _CFLAGS="$CFLAGS"
+       CFLAGS="$CFLAGS -fPIE"
+       { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5
+$as_echo_n "checking whether the linker accepts -pie... " >&6; }
+if ${ax_cv_check_ldflags___pie+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+  ax_check_save_flags=$LDFLAGS
+  LDFLAGS="$LDFLAGS  -pie"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ax_cv_check_ldflags___pie=yes
+else
+  ax_cv_check_ldflags___pie=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5
+$as_echo "$ax_cv_check_ldflags___pie" >&6; }
+if test x"$ax_cv_check_ldflags___pie" = xyes; then :
+
+           PIE_CFLAGS="-fPIE"
+           PIE_LDFLAGS="-pie"
+
+else
+  :
+fi
+
+       CFLAGS="$_CFLAGS"
+
+else
+  :
+fi
+
+fi
+
 if test "$enable_hardening" != "no"; then
 
 ac_c_werror_flag=yes

diff --git a/configure.in b/configure.in
index b28630e14817319e08bfc518de8007c46e0ca88f..53ed8919bf6e74acd20d2bd36dac88268b8c76a6 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -57,6 +57,8 @@ AC_SUBST([LOGINCAP_USAGE])
 AC_SUBST([ZLIB])
 AC_SUBST([ZLIB_DEP])
 AC_SUBST([CONFIGURE_ARGS])
+AC_SUBST([PIE_LDFLAGS])
+AC_SUBST([PIE_CFLAGS])
 dnl
 dnl Variables that get substituted in docs (not overridden by environment)
 dnl
@@ -1307,6 +1309,10 @@ AC_ARG_ENABLE(hardening,
 [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
 [], [enable_hardening=yes])
 
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])],
+[], [enable_pie=yes])
+
 AC_ARG_ENABLE(admin-flag,
 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
 [ case "$enableval" in
@@ -2987,6 +2993,22 @@ if test "${with_iologdir-yes}" != "no"; then
     ])
 fi
 
+dnl
+dnl Check for PIE executable support if using gcc.
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test "$enable_pie" != "no"; then
+    AX_CHECK_COMPILE_FLAG([-fPIE], [
+       _CFLAGS="$CFLAGS"
+       CFLAGS="$CFLAGS -fPIE"
+       AX_CHECK_LINK_FLAG([-pie], [
+           PIE_CFLAGS="-fPIE"
+           PIE_LDFLAGS="-pie"
+       ])
+       CFLAGS="$_CFLAGS"
+    ])
+fi
+
 dnl
 dnl Check for -fstack-protector and -z relro support
 dnl This must be towards the end as it turns warnings

diff --git a/mkpkg b/mkpkg
index 099e851a848acc07e9509313278b431c446547bc..b2f1ba98df62867d8a1c6606b06c8dc2733d23ee 100755 (executable)
--- a/mkpkg
+++ b/mkpkg
@@ -78,17 +78,6 @@ top_srcdir=`dirname $0`
 test -n "$osversion" || exit 1
 osrelease=`echo "$osversion" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
 
-# Linux distros may build binaries as pie files.
-# This is really something libtool should figure out, but it does not.
-case "$osversion" in
-    *-s390*|*-sparc*|*-alpha*)
-       F_PIE=-fPIE
-       ;;
-    *)
-       F_PIE=-fpie
-       ;;
-esac
-
 # Choose compiler options by osversion if not cross-compiling.
 if [ "$crossbuild" = "false" ]; then
     case "$osversion" in
@@ -122,9 +111,8 @@ case "$osversion" in
            configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux"
        fi
        if [ $osrelease -ge 50 ]; then
-           # RHEL 5 and up build pies, have audit support and use a
-           # separate PAM config file for "sudo -i".
-           export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie"
+           # RHEL 5 and up has audit support and uses a separate PAM
+           # config file for "sudo -i".
            configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit"
            configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login"
            PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0"
@@ -145,10 +133,8 @@ case "$osversion" in
        ;;
     sles*)
        if [ $osrelease -ge 10 ]; then
-           # SLES 10 and higher build pies
-           export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie"
+           # SLES 11 and higher has SELinux
            if [ $osrelease -ge 11 ]; then
-               # SLES 11 and higher has SELinux
                configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux"
            fi
        fi
@@ -186,14 +172,6 @@ case "$osversion" in
        case "$osversion" in
            ubu*)
                configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture"
-               if [ $osrelease -ge 1004 ]; then
-                   export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie"
-               fi
-               ;;
-           deb*)
-               if [ $osrelease -ge 600 ]; then
-                   export CFLAGS="-O2 -g $F_PIE" LDFLAGS="-pie"
-               fi
                ;;
        esac
        # Note, must indent with tabs, not spaces due to IFS trickery
@@ -236,10 +214,6 @@ case "$osversion" in
        fi
        export CFLAGS="-O2 -g $ARCH_FLAGS $SDK_FLAGS"
        export LDFLAGS="$ARCH_FLAGS $SDK_FLAGS"
-       if [ $osrelease -ge 105 ]; then
-           CFLAGS="$CFLAGS $F_PIE"
-           LDFLAGS="$LDFLAGS -Wl,-pie"
-       fi
        # Note, must indent with tabs, not spaces due to IFS trickery
        configure_opts="--with-pam
                --without-tty-tickets