diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-05-11 15:08:16 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-05-11 15:08:16 -0400 |
| commit | e36cd016337f26188f572e0bd511a4f8b72c07dc (patch) | |
| tree | 6abd9705c4b1922b3b62940ee73b3315239a8776 /configure.in | |
| parent | 62f3121a3d209fb4f826988d53b1aac93842502c (diff) | |
| download | tor-e36cd016337f26188f572e0bd511a4f8b72c07dc.tar tor-e36cd016337f26188f572e0bd511a4f8b72c07dc.tar.gz | |
Try to manually test for whether the compiler hardening flags work
Also, make the check for whether they're on by default work; there's
no need to mess around with this "$enableval" silliness.
Diffstat (limited to 'configure.in')
| -rw-r--r-- | configure.in | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/configure.in b/configure.in index 4a3ed0e6c..d894c73df 100644 --- a/configure.in +++ b/configure.in @@ -122,25 +122,12 @@ dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows dnl This requires that we use gcc and that we add -O2 to the CFLAGS. AC_ARG_ENABLE(gcc-hardening, - AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks), - [], - [enableval=yes;]) -[if test x$enableval = xyes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" - CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" - CFLAGS="$CFLAGS --param ssp-buffer-size=1" - LDFLAGS="$LDFLAGS -pie" -fi] + AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks)) dnl Linker hardening options dnl Currently these options are ELF specific - you can't use this with MacOSX AC_ARG_ENABLE(linker-hardening, - AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups), - [], - [enableval=yes;]) -AC_CHECK_HEADER([elf.h], [if test x$enableval = xyes; then - LDFLAGS="$LDFLAGS -z relro -z now" -fi]) + AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups)) AC_ARG_ENABLE(local-appdata, AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows)) @@ -184,6 +171,20 @@ AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue) AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue) AM_PROG_CC_C_O +if test x$enable_gcc_hardening != xno; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" + TOR_CHECK_CFLAGS(-fstack-protector-all) + TOR_CHECK_CFLAGS(-Wstack-protector) + TOR_CHECK_CFLAGS(-fwrapv) + TOR_CHECK_CFLAGS(-fPIE) + TOR_CHECK_CFLAGS(--param ssp-buffer-size=1) + TOR_CHECK_LDFLAGS(-pie) +fi + +if test x$enable_linker_hardening != xno; then + TOR_CHECK_LDFLAGS(-z relro -z now) +fi + ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [ AC_C_FLEXIBLE_ARRAY_MEMBER ], [ |