From 8738a36d30e2e94257c5b1ae9cd3e7c3d314808e Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Tue, 19 May 2015 15:05:13 +0200 Subject: [PATCH] build: add a switch to disable hardening functions Even when the tests succeed, on some platforms, hardening CFLAGS fail. For example, this is the case on OpenWRT. It seems that the executable needs to be linked to libssp. Difficult to test if the problem only happens at runtime since we can execute anything. --- configure.ac | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index eac2c65d..1877da2e 100644 --- a/configure.ac +++ b/configure.ac @@ -78,10 +78,7 @@ AX_CFLAGS_GCC_OPTION([-Wformat-security], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wfatal-errors], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wcast-align], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Winline], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-fstack-protector], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-fstack-protector-strong], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-fno-omit-frame-pointer], [LLDP_CFLAGS]) -AX_CFLAGS_GCC_OPTION([-D_FORTIFY_SOURCE=2], [LLDP_CPPFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-unused-parameter], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-missing-field-initializers], [LLDP_CFLAGS]) AX_CFLAGS_GCC_OPTION([-Wno-sign-compare], [LLDP_CFLAGS]) dnl Should be fixed later @@ -92,6 +89,20 @@ AX_LDFLAGS_OPTION([-Wl,-z,now], [LLDP_LDFLAGS]) lldp_CHECK_OS lldp_CFLAGS_OS +# Hardening +AC_ARG_ENABLE([hardening], + [AS_HELP_STRING([--enable-hardening], + [Enable compiler and linker options to frustrate memory corruption exploits @<:@yes@:>@])], + [hardening="$enableval"], + [hardening="yes"]) + +if test x"$hardening" != x"no"; then + AX_CFLAGS_GCC_OPTION([-fstack-protector], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-fstack-protector-all], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-fstack-protector-strong], [LLDP_CFLAGS]) + AX_CFLAGS_GCC_OPTION([-D_FORTIFY_SOURCE=2], [LLDP_CPPFLAGS]) +fi + AC_CACHE_SAVE # Checks for header files. -- 2.39.5