]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4f1484f)
Meson: Hardening - Stack Clash Protection
authorFred Morcos <fred.morcos@open-xchange.com>
Fri, 13 Oct 2023 08:17:39 +0000 (10:17 +0200)
committerFred Morcos <fred.morcos@open-xchange.com>
Wed, 20 Mar 2024 12:28:52 +0000 (13:28 +0100)
meson/hardening/meson.build patch | blob | blame | history
meson/hardening/stack-clash-prot/meson.build [new file with mode: 0644] patch | blob
meson_options.txt patch | blob | blame | history

diff --git a/meson/hardening/meson.build b/meson/hardening/meson.build
index 05df75533bba6cbaf71c7bd93975e3d322321fca..1859c63bafb85bbcebbd0c4ee15a9fe9eda6033d 100644 (file)
--- a/meson/hardening/meson.build
+++ b/meson/hardening/meson.build
@@ -31,3 +31,4 @@ endif
 
 subdir('fortify-source')      # Fortify Source
 subdir('control-flow')        # Control Flow Protection
+subdir('stack-clash-prot')    # Stack Clash Protection
diff --git a/meson/hardening/stack-clash-prot/meson.build b/meson/hardening/stack-clash-prot/meson.build
new file mode 100644 (file)
index 0000000..cce9ae1
--- /dev/null
+++ b/meson/hardening/stack-clash-prot/meson.build
@@ -0,0 +1,10 @@
+opt_scp = get_option('hardening-experimental-scp')
+
+support_scp = not opt_scp.disabled() and cxx.has_argument('-fstack-clash-protection')
+if support_scp
+  add_project_arguments('-fstack-clash-protection', language: ['c', 'cpp'])
+elif opt_scp.enabled()
+  error('Stack Clash Protection was explicitly requested but is not supported by the compiler')
+endif
+
+summary('Stack Clash Protection', support_scp, bool_yn: true, section: 'Hardening')
diff --git a/meson_options.txt b/meson_options.txt
index 12f3e0d6d25f72d4a8ea6743243ed936f538a3b4..64d5dc8d2c8af806512abe0f234b0720ba9af734 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,6 +1,7 @@
 option('lua', type: 'combo', choices: ['auto', 'luajit', 'lua'], value: 'auto', description: 'Lua implementation to use')
 option('hardening', type: 'feature', value: 'auto', description: 'Compiler security checks')
 option('hardening-experimental-cf', type: 'combo', choices: ['disabled', 'full', 'branch', 'return', 'check'], value: 'disabled', description: 'Control Flow hardening')
+option('hardening-experimental-scp', type: 'feature', value: 'disabled', description: 'Stack Clash Protection')
 option('hardening-fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level')
 option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG')
 option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')
Unnamed repository; edit this file 'description' to name the repository.