From: Vincent Bernat Date: Wed, 7 Jul 2010 13:34:17 +0000 (+0200) Subject: Harden lldpd with the use of RELRO and NOW linker options. X-Git-Tag: 0.5.2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a37f8fd665f3a923e0db677fd7a1a9149cdc7c96;p=thirdparty%2Flldpd.git Harden lldpd with the use of RELRO and NOW linker options. See: http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml --- diff --git a/configure.ac b/configure.ac index d2c7014f..34fa4a69 100644 --- a/configure.ac +++ b/configure.ac @@ -49,6 +49,8 @@ AX_CFLAGS_GCC_OPTION([-fstack-protector]) AX_CFLAGS_GCC_OPTION([-D_FORTIFY_SOURCE=2]) AX_CFLAGS_GCC_OPTION([-Wno-unused-parameter]) AX_CFLAGS_GCC_OPTION([-Wno-sign-compare]) dnl Should be fixed later +AX_LDFLAGS_OPTION([-Wl,-z,relro]) +AX_LDFLAGS_OPTION([-Wl,-z,now]) AC_CACHE_SAVE diff --git a/m4/ax_ld_check_flag.m4 b/m4/ax_ld_check_flag.m4 new file mode 100644 index 00000000..2f560c68 --- /dev/null +++ b/m4/ax_ld_check_flag.m4 @@ -0,0 +1,97 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_ld_check_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_LD_CHECK_FLAG(FLAG-TO-CHECK,[PROLOGUE],[BODY],[ACTION-IF-SUCCESS],[ACTION-IF-FAILURE]) +# +# DESCRIPTION +# +# This macro tests if the C++ compiler supports the flag FLAG-TO-CHECK. If +# successfull execute ACTION-IF-SUCCESS otherwise ACTION-IF-FAILURE. +# PROLOGUE and BODY are optional and should be used as in AC_LANG_PROGRAM +# macro. +# +# Example: +# +# AX_LD_CHECK_FLAG([-Wl,-L/usr/lib],[],[],[ +# ... +# ],[ +# ... +# ]) +# +# This code is inspired from KDE_CHECK_COMPILER_FLAG macro. Thanks to +# Bogdan Drozdowski for testing and bug fixes. +# +# LICENSE +# +# Copyright (c) 2008 Francesco Salvestrini +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 6 + +AC_DEFUN([AX_LD_CHECK_FLAG],[ + AC_PREREQ([2.61]) + AC_REQUIRE([AC_PROG_CXX]) + AC_REQUIRE([AC_PROG_SED]) + + flag=`echo "$1" | $SED 'y% .=/+-(){}<>:*,%_______________%'` + + AC_CACHE_CHECK([whether the linker accepts the $1 flag], + [ax_cv_ld_check_flag_$flag],[ + + #AC_LANG_PUSH([C]) + + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $1" + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([$2],[$3]) + ],[ + eval "ax_cv_ld_check_flag_$flag=yes" + ],[ + eval "ax_cv_ld_check_flag_$flag=no" + ]) + + LDFLAGS="$save_LDFLAGS" + + #AC_LANG_POP + + ]) + + AS_IF([eval "test \"`echo '$ax_cv_ld_check_flag_'$flag`\" = yes"],[ + : + $4 + ],[ + : + $5 + ]) +]) + +AC_DEFUN([AX_LDFLAGS_OPTION],[ + AX_LD_CHECK_FLAG([$1],[],[],[LDFLAGS="$LDFLAGS $1"])])