cc-wrapper: treat hardeningDisable as string
This fixes passing the env variable to the ld-wrapper through the gcc call. Wtf?!
This commit is contained in:
parent
1a5acdb695
commit
a9b942c061
@ -2,10 +2,10 @@ hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow)
|
|||||||
hardeningFlags+=("${hardeningEnable[@]}")
|
hardeningFlags+=("${hardeningEnable[@]}")
|
||||||
hardeningCFlags=()
|
hardeningCFlags=()
|
||||||
hardeningLDFlags=()
|
hardeningLDFlags=()
|
||||||
hardeningDisable=(${hardeningDisable[@]})
|
hardeningDisable=${hardeningDisable:-""}
|
||||||
|
|
||||||
if [[ "$($LD -z 2>&1)" =~ "unknown option" ]]; then
|
if [[ "$($LD -z 2>&1)" =~ "unknown option" ]]; then
|
||||||
hardeningDisable+=(bindnow relro)
|
hardeningDisable+=" bindnow relro"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi
|
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi
|
||||||
@ -14,7 +14,7 @@ if [[ ! $hardeningDisable == "all" ]]; then
|
|||||||
if [[ -n "$NIX_DEBUG" ]]; then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi
|
if [[ -n "$NIX_DEBUG" ]]; then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi
|
||||||
for flag in "${hardeningFlags[@]}"
|
for flag in "${hardeningFlags[@]}"
|
||||||
do
|
do
|
||||||
if [[ ! "${hardeningDisable[@]}" =~ "$flag" ]]; then
|
if [[ ! "${hardeningDisable}" =~ "$flag" ]]; then
|
||||||
case $flag in
|
case $flag in
|
||||||
fortify)
|
fortify)
|
||||||
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi
|
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: enabling fortify >&2; fi
|
||||||
|
Loading…
Reference in New Issue
Block a user