diff options
| author | Christian Grothoff <christian@grothoff.org> | 2024-01-24 18:59:42 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2024-01-24 18:59:42 +0100 |
| commit | ee77c6ff211e961fdedb7a6a44ee0fd0a9a5a042 (patch) | |
| tree | 1c2b14bcca526ec79f4dd3b9da0f5ed90a847e75 /configure.ac | |
| parent | d004d4a89e0f6799d08d6a6b33c558b5a9eb480e (diff) | |
fix #8209
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index af7dc820..0a8b2a58 100644 --- a/configure.ac +++ b/configure.ac @@ -61,8 +61,34 @@ AS_IF([test "x$doc_only" != xyes],[ # Checks for programs. AC_PROG_CC + + CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS" +# Adam shostack suggests the following for Windows: +# -D_FORTIFY_SOURCE=2 -fstack-protector-all +AC_ARG_ENABLE(gcc-hardening, + AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), +[AS_IF([test x$enableval = xyes],[ + CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + LDFLAGS="$LDFLAGS -pie"])]) + + +# Linker hardening options +# Currently these options are ELF specific - you can't use this with MacOSX +AC_ARG_ENABLE(linker-hardening, + AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), + [AS_IF([test x$enableval = xyes],[LDFLAGS="$LDFLAGS -z relro -z now"])]) + + +AC_ARG_ENABLE(sanitizer, + AS_HELP_STRING(--enable-sanitizer, enable Address Sanitizer and Undefined Behavior Sanitizer), +[AS_IF([test x$enableval = xyes],[ + LDFLAGS="$CFLAGS -fsanitize=address,undefined -fno-omit-frame-pointer" + ])]) + # Checks for header files. AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h]) |