cvs commit: hints/ATTACHMENTS/ssp hgcc.sh

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Sun Feb 15 15:25:55 PST 2004


tushar      04/02/15 16:25:55

  Added:       ATTACHMENTS/ssp hgcc.sh
  Log:
  Added: hgcc
  
  Revision  Changes    Path
  1.1                  hints/ATTACHMENTS/ssp/hgcc.sh
  
  Index: hgcc.sh
  ===================================================================
  #!/bin/bash
  # Public Domain
  # I think this script should be in perl so echo, grep, and sed can be handled
  # internaly. Dumping directly to $GCC_SPECS might not be the best idea either.
  # This script has only been tested on gcc-3.3.2. It should work with 3.3.1.
  # This script should not work with gcc-2. There should be a version/sanity check.
  
  TITLE="Hardened Gnu C Compiler version zero dot three dot one"
  HGCC_VERSION="Hardened GCC v0.3.1 20040112 - Robert Connolly"
  
  # Use the first gcc from your $PATH. This should be more flexable, but it works
  # for now.
  
  GCC_SPECS_DIR="$(gcc --print-libgcc-file-name)"
  GCC_SPECS="$(dirname ${GCC_SPECS_DIR})/specs"
  
  SSP_OLD_STRING="$(cat ${GCC_SPECS} | grep cc1_cpu | grep profile)"
  
  # Filter -fstack-protector-all from Kernel and Glibc.
  
  SSP_PROT_ALL_STRING="%(cc1_cpu) %{!fno-stack-protector: %{!fno-stack-protector-all: %{!D__KERNEL__: -fstack-protector %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: -fstack-protector-all} } } } } } } %{profile:-p}"
  
  # If more gcc patches are used on top of propolice, this generic string might change.
  
  GENERIC_STRING="%(cc1_cpu) %{profile:-p}"
  
  CUR_SETS="\t\t Current Settings"
  
  usage() {
  	echo $TITLE
  	echo -e "Currently Supporting - ProPolice"
  	echo -e "\t\t -fa Set -fstack-protector-all (Recommended default)"
  	echo -e "\t\t -V Show current setting"
  	echo -e "\t\t -r Restore Spec file to original condition"
  	echo -e "\t\t -v Show script version"
  }
  
  protall() {
  	echo -e "\t\t Enabling -fstack-protector-all"	
  	sed -e "s;$SSP_OLD_STRING;$SSP_PROT_ALL_STRING;" -i $GCC_SPECS
  }
  
  show() {
  if [ "$SSP_OLD_STRING" = "$SSP_PROT_ALL_STRING" ]
  then
  	echo $TITLE
  	echo -e $CUR_SETS
  	echo -e "\t\t -fstack-protector-all (filtered) is the current setting"
  fi
  if [ "$SSP_OLD_STRING" = "$GENERIC_STRING" ]
  then
  	echo $TITLE
          echo -e $CUR_SETS
          echo -e "\t\t ProPolice is currently disabled"
  fi
  }
  
  restore() {
  	echo -e "\t\t Restoring GCC Specs File"
  	gcc -dumpspecs > $GCC_SPECS
  }
  
  if [ -z $* ]
  then
  usage
  else
  
  for i in $*
   do
  	case $i in
  	-fa) protall ;;
  	-V) show ;;
  	-r) restore ;;
  	-v) echo $HGCC_VERSION ;;
  	*) usage ;;
   esac
  done
  fi
  
  
  



More information about the hints mailing list