From: Nick M. <ni...@us...> - 2011-09-12 14:14:59
Author: Sebastian Hahn <seb...@to...> Date: Sun, 10 Apr 2011 18:25:05 +0200 Subject: Implement --enable-gcc-hardening configure option Commit: 755026771a6ec3c7da41010940ddbade43c77f22 Using --enable-gcc-hardening enables some additional safety features that gcc makes available such as stack smashing protection using canaries and ASLR. This commit is based on a patch for Tor: (git commit 04fa935e02270bc90aca0f1c652d31c7a872175b by Jacob Appelbaum) Copyright (c) 2007-2011, The Tor Project, Inc.
---
 configure.in | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/configure.in b/configure.in
index 539af4c..532c629 100644
--- a/configure.in
+++ b/configure.in
@@ -56,6 +56,13 @@ fi
 AC_ARG_ENABLE(gcc-warnings,
 AS_HELP_STRING(--disable-gcc-warnings, disable verbose warnings with GCC))
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+ CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+fi])
 AC_ARG_ENABLE(thread-support,
 AS_HELP_STRING(--disable-thread-support, disable support for threading),
-- 1.7.4.1 |
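Review bot: The three added `CFLAGS=` lines append GCC-specific options whenever `--enable-gcc-hardening` is passed, with no check that the compiler is GCC or accepts them, so a compiler that rejects `-fstack-protector-all` or `--param ssp-buffer-size=1` fails at every compile instead of at configure time. Assuming `AC_PROG_CC` has already run above this hunk, the guard could read `[if test x$enableval = xyes && test "$GCC" = yes; then`, or each flag could be probed with a compile test before it is appended. Separately, `-fPIE` only changes code generation: the main image is randomised only when the final executable is also linked with `-pie`, which nothing in this hunk adds, so the ASLR benefit named in the commit message is not delivered by these flags alone. `-D_FORTIFY_SOURCE=2` is likewise inert unless optimisation is enabled. A comment above the block such as `dnl _FORTIFY_SOURCE needs -O1 or higher; -fPIE needs -pie at link time` would keep users from assuming protections they did not get.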