From: Vincent Bernat Date: Tue, 19 May 2015 13:05:13 +0000 (+0200) Subject: build: add a switch to disable hardening functions X-Git-Tag: 0.7.15~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8738a36d30e2e94257c5b1ae9cd3e7c3d314808e;p=thirdparty%2Flldpd.git build: add a switch to disable hardening functions Even when the tests succeed, on some platforms, hardening CFLAGS fail. For example, this is the case on OpenWRT. It seems that the executable needs to be linked to libssp. Difficult to test if the problem only happens at runtime since we can execute anything. --- diff --git a/configure.ac b/configure.ac index eac2c65d..1877da2e 100644 --- a/configure.ac +++ b/configure.ac @@ -78,10 +78,7 @@ AX_CFLAGS_GCC_OPTION([-Wformat-security], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wfatal-errors], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wcast-align], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Winline], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-fstack-protector], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-fstack-protector-strong], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-fno-omit-frame-pointer], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-D_FORTIFY_SOURCE=2], [LLDP_CPPFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-unused-parameter], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-missing-field-initializers], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-sign-compare], [LLDP_CFLAGS]) dnl Should be fixed later @@ -92,6 +89,20 @@ AX_LDFLAGS_OPTION([-Wl,-z,now], [LLDP_LDFLAGS]) lldp_CHECK_OS lldp_CFLAGS_OS +# Hardening +AC_ARG_ENABLE([hardening], + [AS_HELP_STRING([--enable-hardening], + [Enable compiler and linker options to frustrate memory corruption exploits @<:@yes@:>@])], + [hardening="$enableval"], + [hardening="yes"]) + +if test x"$hardening" != x"no"; then + AX_CFLAGS_GCC_OPTION([-fstack-protector], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-fstack-protector-all], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-fstack-protector-strong], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-D_FORTIFY_SOURCE=2], [LLDP_CPPFLAGS]) +fi + AC_CACHE_SAVE # Checks for header files.