compiler: -fexceptions hardening

This hardens multi-threaded C. Without it, the implementation of thread
cancellation handlers (introduced by pthread_cleanup_push) uses a completely
unprotected function pointer on the stack. This function pointer can simplify
the exploitation of stack-based buffer overflows even if the thread in question
is never canceled.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/configure.ac b/configure.ac
index 28efe43e179280840ed50b8191f2c6ba70f0dd4e..3abee054f754c5342ef2dcd9299e1bdaefa82e35 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -721,6 +721,7 @@ AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror])
 
 AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
 AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])