OK so after an hour of digging, here we go:
First off you need a specs file. You can check that by passing -v to the gcc command. If you're like me, you have:
gcc -v
Using built-in specs.
If that's the case, you simply need to create one. You can do so like this: (this was done on a CentOS 5.3 x86_64 machine)
gcc -dumpspecs > /usr/lib/gcc/x86_64-redhat-linux/4.1.2/specs
The directory specs goes in changes from system to system depending on distro, arch, and gcc version.
Now edit this file and find the line that says:
- Code: Select all
*link:
and add this to the end of the stuff on the next line:
- Code: Select all
%{!norelro: -z relro} %{relro: } %{!nonow: -z now} %{now: }
my full line looks like this:
- Code: Select all
*link:
%{!static:--eh-frame-hdr} %{!m32:-m elf_x86_64} %{m32:-m elf_i386} --hash-style=gnu %{shared:-shared} %{!shared: %{!static: %{rdynamic:-export-dynamic} %{m32:%{!dynamic-linker:-dynamic-linker /lib/ld-linux.so.2}} %{!m32:%{!dynamic-linker:-dynamic-linker /lib64/ld-linux-x86-64.so.2}}} %{static:-static}} %{!norelro: -z relro} %{relro: } %{!nonow: -z now} %{now: }
I got the info on how to modify the specs file from the gentoo wiki:
http://www.gentoo.org/proj/en/hardened/ ... lchain.xml