71 lines
2.5 KiB
Diff
71 lines
2.5 KiB
Diff
From a908793d8c816ba8e08950f7407de2ea9d144800 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <a908793d8c816ba8e08950f7407de2ea9d144800.1622734184.git.dcaratti@redhat.com>
|
|
From: dddaniel <d.danzberger@ddf-software.de>
|
|
Date: Fri, 23 Apr 2021 23:19:23 +0200
|
|
Subject: [PATCH] configure: add --disable-stack-protection option (#125)
|
|
|
|
Enabling -DFORTIFY_SOURCE=* and -fstack-protector-* by default may
|
|
overwrite global (build) system settings, causing redefinition errors at
|
|
compile time.
|
|
---
|
|
configure.ac | 37 +++++++++++++++++++++++++------------
|
|
1 file changed, 25 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 3d6a2f0..4be1b81 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -255,24 +255,37 @@ AX_APPEND_COMPILE_FLAGS([-Wextra -Werror -pedantic])
|
|
# ---------------------------------------------------------------
|
|
# Enable compile-time defense
|
|
# ---------------------------------------------------------------
|
|
-# Fortify source
|
|
-# Enabling optimization implies _FORTIFY_SOURCE on some platforms.
|
|
-# Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
|
|
-# desired fortification level.
|
|
-AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
|
|
-AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
|
|
+
|
|
+AC_ARG_ENABLE(stack-protection,
|
|
+ [AS_HELP_STRING([--disable-stack-protection],
|
|
+ [Disable compiler stack protection.
|
|
+ FORTIFY_SOURCE=2 and -fstack-protector-strong]
|
|
+ )],
|
|
+ [],
|
|
+ [enable_stack_protection=yes])
|
|
+
|
|
+AS_IF([test "x$enable_stack_protection" = "xyes"],
|
|
+ [
|
|
+ # Fortify source
|
|
+ # Enabling optimization implies _FORTIFY_SOURCE on some platforms.
|
|
+ # Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
|
|
+ # desired fortification level.
|
|
+ AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
|
|
+ AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
|
|
+
|
|
+ # Stack-based buffer overrun detection
|
|
+ MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
|
|
+ [# GCC < 4.9
|
|
+ MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
|
|
+ ])
|
|
+ ],[]
|
|
+ )
|
|
|
|
# Format string vulnerabilities
|
|
# -Wformat=2 implies:
|
|
# -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
|
|
AX_APPEND_COMPILE_FLAGS([-Wformat=2])
|
|
|
|
-# Stack-based buffer overrun detection
|
|
-MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
|
|
- [# GCC < 4.9
|
|
- MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
|
|
- ])
|
|
-
|
|
# Position Independent Execution (PIE)
|
|
AX_APPEND_COMPILE_FLAGS([-fPIE], [EXECUTABLE_CFLAGS])
|
|
AC_SUBST([EXECUTABLE_CFLAGS])
|
|
--
|
|
2.31.1
|
|
|