Detect binary hardening flags supported by the compiler and linker
This commit is contained in:
Keegan McAllister
committed by
Keith Winstein
Keith Winstein
parent
f7fc34e0c7
commit
ffd7332f8d
@@ -44,6 +44,51 @@ AC_ARG_ENABLE([compile-warnings],
|
|||||||
AC_SUBST([WARNING_CXXFLAGS])
|
AC_SUBST([WARNING_CXXFLAGS])
|
||||||
AC_SUBST([PICKY_CXXFLAGS])
|
AC_SUBST([PICKY_CXXFLAGS])
|
||||||
|
|
||||||
|
# We use the same hardening flags for C and C++. We must check that each flag
|
||||||
|
# is supported by both compilers.
|
||||||
|
AC_DEFUN([check_cc_cxx_flag],
|
||||||
|
[AC_LANG_PUSH(C)
|
||||||
|
AX_CHECK_COMPILE_FLAG([$1],
|
||||||
|
[AC_LANG_PUSH(C++)
|
||||||
|
AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])
|
||||||
|
AC_LANG_POP(C++)],
|
||||||
|
[$3], [-Werror $4])
|
||||||
|
AC_LANG_POP(C)])
|
||||||
|
AC_DEFUN([check_link_flag],
|
||||||
|
[AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([hardening],
|
||||||
|
[AS_HELP_STRING([--enable-hardening],
|
||||||
|
[Enable compiler and linker options to frustrate memory corruption exploits @<:@yes@:>@])],
|
||||||
|
[hardening="$enableval"],
|
||||||
|
[hardening="yes"])
|
||||||
|
|
||||||
|
HARDEN_CFLAGS=""
|
||||||
|
HARDEN_LDFLAGS=""
|
||||||
|
AS_IF([test x"$hardening" != x"no"], [
|
||||||
|
check_cc_cxx_flag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
|
||||||
|
|
||||||
|
# This one will likely succeed, even on platforms where it does nothing.
|
||||||
|
check_cc_cxx_flag([-D_FORTIFY_SOURCE=2], [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
|
||||||
|
|
||||||
|
check_cc_cxx_flag([-fstack-protector-all],
|
||||||
|
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-protector-all"
|
||||||
|
check_cc_cxx_flag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
|
||||||
|
[], [-fstack-protector-all])
|
||||||
|
check_cc_cxx_flag([--param ssp-buffer-size=1], [HARDEN_CFLAGS="$HARDEN_CFLAGS --param ssp-buffer-size=1"],
|
||||||
|
[], [-fstack-protector-all])])
|
||||||
|
|
||||||
|
check_cc_cxx_flag([-fPIE],
|
||||||
|
[check_link_flag([-pie],
|
||||||
|
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fPIE"
|
||||||
|
HARDEN_LDFLAGS="$HARDEN_LDFLAGS -pie"])])
|
||||||
|
|
||||||
|
check_link_flag([-Wl,-z,relro],
|
||||||
|
[HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
|
||||||
|
check_link_flag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])])
|
||||||
|
AC_SUBST([HARDEN_CFLAGS])
|
||||||
|
AC_SUBST([HARDEN_LDFLAGS])
|
||||||
|
|
||||||
AC_ARG_ENABLE([client],
|
AC_ARG_ENABLE([client],
|
||||||
[AS_HELP_STRING([--enable-client], [Build the mosh-client program @<:@yes@:>@])],
|
[AS_HELP_STRING([--enable-client], [Build the mosh-client program @<:@yes@:>@])],
|
||||||
[build_client="$enableval"],
|
[build_client="$enableval"],
|
||||||
|
|||||||
Reference in New Issue
Block a user