diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-07-14 17:43:50 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-07-14 17:43:50 +0200 |
commit | 4d4319b84a92d56a1871f7507de34137fb644fb0 (patch) | |
tree | 7a25965d12ffb2ad2a59cf9dde3d4ed826736f7c /configure.ac | |
parent | 7b6c4a061f714dca55144349fa5125c3d33dfaca (diff) | |
download | exchange-4d4319b84a92d56a1871f7507de34137fb644fb0.tar.xz |
-off by 1
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 2ead756dd..f48835dff 100644 --- a/configure.ac +++ b/configure.ac @@ -236,6 +236,28 @@ AS_IF([test "x$enableval" = "xno"], [enable_dev=0]) AC_DEFINE_UNQUOTED([HAVE_DEVELOPER],[$enable_dev],[1 if developer logic is enabled, 0 otherwise]) + +# Adam shostack suggests the following for Windows: +# -D_FORTIFY_SOURCE=2 -fstack-protector-all +AC_ARG_ENABLE(gcc-hardening, + AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), +[if test x$enableval = xyes; then + CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + LDFLAGS="$LDFLAGS -pie" +fi]) + + +# Linker hardening options +# Currently these options are ELF specific - you can't use this with MacOSX +AC_ARG_ENABLE(linker-hardening, + AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), +[if test x$enableval = xyes; then + LDFLAGS="$LDFLAGS -z relro -z now" +fi]) + + # logging extra_logging=0 AC_ARG_ENABLE([logging], |