izackp/mosh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Detect binary hardening flags supported by the compiler and linker

Browse Source
This commit is contained in:
Keegan McAllister
2012-03-25 03:41:06 -04:00
committed by Keith Winstein
parent f7fc34e0c7
commit ffd7332f8d
1 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configure.ac
+45
View File
@@ -44,6 +44,51 @@ AC_ARG_ENABLE([compile-warnings],
AC_SUBST([WARNING_CXXFLAGS])
AC_SUBST([PICKY_CXXFLAGS])
# We use the same hardening flags for C and C++. We must check that each flag
# is supported by both compilers.
AC_DEFUN([check_cc_cxx_flag],
[AC_LANG_PUSH(C)
AX_CHECK_COMPILE_FLAG([$1],
[AC_LANG_PUSH(C++)
AX_CHECK_COMPILE_FLAG([$1], [$2], [$3], [-Werror $4])
AC_LANG_POP(C++)],
[$3], [-Werror $4])
AC_LANG_POP(C)])
AC_DEFUN([check_link_flag],
[AX_CHECK_LINK_FLAG([$1], [$2], [$3], [-Werror $4])])
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--enable-hardening],
[Enable compiler and linker options to frustrate memory corruption exploits @<:@yes@:>@])],
[hardening="$enableval"],
[hardening="yes"])
HARDEN_CFLAGS=""
HARDEN_LDFLAGS=""
AS_IF([test x"$hardening" != x"no"], [
check_cc_cxx_flag([-fno-strict-overflow], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fno-strict-overflow"])
# This one will likely succeed, even on platforms where it does nothing.
check_cc_cxx_flag([-D_FORTIFY_SOURCE=2], [HARDEN_CFLAGS="$HARDEN_CFLAGS -D_FORTIFY_SOURCE=2"])
check_cc_cxx_flag([-fstack-protector-all],
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-protector-all"
check_cc_cxx_flag([-Wstack-protector], [HARDEN_CFLAGS="$HARDEN_CFLAGS -Wstack-protector"],
[], [-fstack-protector-all])
check_cc_cxx_flag([--param ssp-buffer-size=1], [HARDEN_CFLAGS="$HARDEN_CFLAGS --param ssp-buffer-size=1"],
[], [-fstack-protector-all])])
check_cc_cxx_flag([-fPIE],
[check_link_flag([-pie],
[HARDEN_CFLAGS="$HARDEN_CFLAGS -fPIE"
HARDEN_LDFLAGS="$HARDEN_LDFLAGS -pie"])])
check_link_flag([-Wl,-z,relro],
[HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,relro"
check_link_flag([-Wl,-z,now], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -Wl,-z,now"])])])
AC_SUBST([HARDEN_CFLAGS])
AC_SUBST([HARDEN_LDFLAGS])
AC_ARG_ENABLE([client],
[AS_HELP_STRING([--enable-client], [Build the mosh-client program @<:@yes@:>@])],
[build_client="$enableval"],