author | fanquake <fanquake@gmail.com> | 2020-06-18 13:31:07 +0800 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2020-06-19 17:20:27 +0800 |
commit | 076183b36b76a11438463883ff916f17aef9e001 (patch) | |
tree | 0fd11ad5682521d0a0587169a6a43d5688c0605b /configure.ac | |
parent | c940c1ad8547eb7df1dcbd6f4e566820664d19c9 (diff) |
build: add -fcf-protection=full to hardening options
Enables code instrumentation of control-flow transfers. Available in
GCC 8 and Clang 7.
This option is now on by default in Ubuntu GCC as of 19.10.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 12bece6903..fe8ce1a8f7 100644 --- a/configure.ac +++ b/configure.ac @@ -785,6 +785,7 @@ if test x$use_hardening != xno; then AX_CHECK_COMPILE_FLAG([-Wstack-protector],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -Wstack-protector"]) AX_CHECK_COMPILE_FLAG([-fstack-protector-all],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-protector-all"]) + AX_CHECK_COMPILE_FLAG([-fcf-protection=full],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fcf-protection=full"]) dnl When enable_debug is yes, all optimizations are disabled. dnl However, FORTIFY_SOURCE requires that there is some level of optimization, otherwise it does nothing and just creates a compiler warning. dnl Since FORTIFY_SOURCE is a no-op without optimizations, do not enable it when enable_debug is yes. |
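Review bot: The added `AX_CHECK_COMPILE_FLAG([-fcf-protection=full], ...)` line has no `dnl` comment, while the FORTIFY_SOURCE logic right after it documents its constraints in three `dnl` lines. A short comment carrying what the commit message says (the flag instruments control-flow transfers and needs GCC 8 or Clang 7) would let a reader of configure.ac see why the flag is probed rather than set unconditionally. A second point on the same line: the check passes only the flag and the action, with no extra-flags argument, so it succeeds whenever the test compile succeeds. A compiler that only warns about an option it does not implement would still get the flag appended to `HARDENED_CXXFLAGS`. The two stack-protector checks above have the same form, so if this is tightened by supplying a warnings-as-errors flag as the macro's fourth argument, it is worth doing for the whole block rather than for this line alone.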