Makefiles: Add `noexecstack` Options to Compilation and Linking

Hopefully this marks the binary artifacts `noexecstack` even on platforms where binaries default to true.
2022-01-05 14:53:22 -05:00 · 2022-01-05 14:53:22 -05:00 · 4620ce6a9a
parent 35208f702f
commit 4620ce6a9a
2 changed files with 28 additions and 2 deletions
--- a/lib/libzstd.mk
+++ b/lib/libzstd.mk
@ -34,6 +34,8 @@ ZSTD_NO_ASM ?= 0
 # libzstd helpers
 ##################################################################

+VOID ?= /dev/null
+
 # Make 4.3 doesn't support '\#' anymore (https://lwn.net/Articles/810071/)
 NUM_SYMBOL := \#

@ -96,6 +98,32 @@ CFLAGS   += $(DEBUGFLAGS) $(MOREFLAGS)
 LDFLAGS  += $(MOREFLAGS)
 FLAGS     = $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)

+ifndef ALREADY_APPENDED_NOEXECSTACK
+export ALREADY_APPENDED_NOEXECSTACK := 1
+ifeq ($(shell echo "int main(int argc, char* argv[]) { (void)argc; (void)argv; return 0; }" | $(CC) $(FLAGS) -z noexecstack -x c -Werror - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1)
+$(info Supports noexecstack linker flag!)
+$(info $(LDFLAGS))
+LDFLAGS += -z noexecstack
+$(info $(LDFLAGS))
+else
+$(info Doesn't support noexecstack linker flag!)
+endif
+ifeq ($(shell echo | $(CC) $(FLAGS) -Wa,--noexecstack -x assembler -Werror -c - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1)
+$(info Supports noexecstack assembler flag!)
+$(info $(CFLAGS))
+CFLAGS += -Wa,--noexecstack
+$(info $(CFLAGS))
+else ifeq ($(shell echo | $(CC) $(FLAGS) -Qunused-arguments -Wa,--noexecstack -x assembler -Werror -c - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1)
+# See e.g.: https://github.com/android/ndk/issues/171
+$(info Supports noexecstack assembler flag with unused arg suppression!)
+$(info $(CFLAGS))
+CFLAGS += -Qunused-arguments -Wa,--noexecstack
+$(info $(CFLAGS))
+else
+$(info Doesn't support noexecstack assembler flag!)
+endif
+endif
+
 HAVE_COLORNEVER = $(shell echo a | grep --color=never a > /dev/null 2> /dev/null && echo 1 || echo 0)
 GREP_OPTIONS ?=
 ifeq ($HAVE_COLORNEVER, 1)
--- a/programs/Makefile
+++ b/programs/Makefile
@ -62,8 +62,6 @@ else
  EXT =
 endif

-VOID = /dev/null
-
 # thread detection
 NO_THREAD_MSG := ==> no threads, building without multithreading support
 HAVE_PTHREAD := $(shell printf '$(NUM_SYMBOL)include <pthread.h>\nint main(void) { return 0; }' > have_pthread.c && $(CC) $(FLAGS) -o have_pthread$(EXT) have_pthread.c -pthread 2> $(VOID) && rm have_pthread$(EXT) && echo 1 || echo 0; rm have_pthread.c)