additional compiler hardening flags
Corinna Vinschen
vinschen at redhat.com
Thu Apr 18 17:16:22 EST 2013
Hi Darren,
On Apr 18 11:41, Darren Tucker wrote:
> On Thu, Apr 18, 2013 at 11:16:13AM +1000, Darren Tucker wrote:
> > Anyway, we could easily add a configure knob to turn it off should that
> > be necessary.
>
> here's an updated patch without -fPIC, and with a configure knob
> (--without-hardening) to turn this off.
> [...]
> +dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag])
> +dnl Check that $LD accepts a flag 'check_flag'. If it is supported append
> +dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append
> +dnl 'check_flag'.
> +AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{
> + AC_MSG_CHECKING([if $LD supports $1])
> + saved_LDFLAGS="$LDFLAGS"
> + LDFLAGS="$LDFLAGS $1"
> + _define_flag="$2"
> + test "x$_define_flag" = "x" && _define_flag="$1"
> + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
> + [ AC_MSG_RESULT([yes])
> + LDFLAGS="$saved_LDFLAGS $_define_flag"],
> + [ AC_MSG_RESULT([no])
> + LDFLAGS="$saved_LDFLAGS" ]
> + )
> +}])
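Review bot: In OSSH_CHECK_LDFLAG_LINK, the AC_LINK_IFELSE test fails only when the test link itself fails, so a flag that the toolchain accepts with a warning and then ignores is still appended to LDFLAGS by the "yes" branch. Consider running the test link with warnings treated as errors, or inspecting the link output, so that such flags are rejected. Separately, the dnl header documents the macro as OSSH_CHECK_CFLAG_LINK while the AC_DEFUN defines OSSH_CHECK_LDFLAG_LINK; the comment should use the defined name.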
Does this check also catch the situation that command-line options
are only warned about? On PE/COFF platforms, the -fPIE option is
ignored, but the build will then be littered with warnings:
$ gcc -fPIE -c x.c
x.c:1:0: warning: -fPIC ignored for target (all code is position independent) [enabled by default]
#include <stdio.h>
^
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat