additional compiler hardening flags
Corinna Vinschen
vinschen at redhat.com
Thu Apr 18 18:23:57 EST 2013
On Apr 18 09:16, Corinna Vinschen wrote:
> Hi Darren,
>
> On Apr 18 11:41, Darren Tucker wrote:
> > On Thu, Apr 18, 2013 at 11:16:13AM +1000, Darren Tucker wrote:
> > > Anyway, we could easily add a configure knob to turn it off should that
> > > be necessary.
> >
> > here's an updated patch without -fPIC, and with a configure knob
> > (--without-hardening) to turn this off.
> > [...]
> > +dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag])
> > +dnl Check that $LD accepts a flag 'check_flag'. If it is supported append
> > +dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append
> > +dnl 'check_flag'.
> > +AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{
> > + AC_MSG_CHECKING([if $LD supports $1])
> > + saved_LDFLAGS="$LDFLAGS"
> > + LDFLAGS="$LDFLAGS $1"
> > + _define_flag="$2"
> > + test "x$_define_flag" = "x" && _define_flag="$1"
> > + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
> > + [ AC_MSG_RESULT([yes])
> > + LDFLAGS="$saved_LDFLAGS $_define_flag"],
> > + [ AC_MSG_RESULT([no])
> > + LDFLAGS="$saved_LDFLAGS" ]
> > + )
> > +}])
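Review bot: the dnl header on the first line of this hunk documents the macro as OSSH_CHECK_CFLAG_LINK, but the AC_DEFUN a few lines below defines OSSH_CHECK_LDFLAG_LINK; the comment should use the defined name so that a search for the macro finds its documentation. The same comment says the check is whether $LD accepts the flag, while the test is an AC_LINK_IFELSE run with the flag added to LDFLAGS, so describing it as a link test with that flag would match the code.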
>
> Does this check also catch the situation that commandline options
> are only warned about? On PE/COFF platforms, the -fPIE option is
> ignored, but the build will then be littered with warnings:
>
> $ gcc -fPIE -c x.c
        ^^^^^
> x.c:1:0: warning: -fPIC ignored for target (all code is position independent) [enabled by default]
                    ^^^^^
Yes, that's not a typo or copy/paste error on my part. gcc returns
this text even when using the -fPIE option.
> #include <stdio.h>
> ^
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
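
One way for a flag probe to notice the warn-only case raised in this message, as an added example that is not from the patch or from OpenSSH's configure. The function names and the stub compiler are hypothetical, and the stub's output is constructed from the warning quoted above.

```shell
#!/bin/sh
# classify_flag CC FLAG prints one of:
#   ok        compiler exited 0 and wrote nothing to stderr
#   warned    compiler exited 0 but emitted a diagnostic (flag may be ignored)
#   rejected  compiler exited non-zero
classify_flag() {
    cc_cmd=$1
    flag=$2
    tmpdir=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$tmpdir/conftest.c"
    if "$cc_cmd" "$flag" -c "$tmpdir/conftest.c" -o "$tmpdir/conftest.o" \
            2> "$tmpdir/conftest.err"; then
        # Exit status alone would say "yes" here; stderr tells the rest.
        if [ -s "$tmpdir/conftest.err" ]; then result=warned; else result=ok; fi
    else
        result=rejected
    fi
    rm -rf "$tmpdir"
    echo "$result"
}

# Constructed stand-in for gcc on a PE/COFF target: warns about -fPIE but
# exits 0, and fails on one made-up unknown flag. Replace with a real compiler.
stub_pecoff_cc() {
    for arg in "$@"; do
        case $arg in
            -fPIE)
                echo "conftest.c:1:0: warning: -fPIC ignored for target (all code is position independent) [enabled by default]" >&2
                ;;
            -fno-such-flag)
                echo "error: unrecognized command line option" >&2
                return 1
                ;;
        esac
    done
    return 0
}

# Keep only flags classified "ok", so warned-about flags never reach CFLAGS.
select_clean_flags() {
    sel_cc=$1; shift
    kept=""
    for f in "$@"; do
        if [ "$(classify_flag "$sel_cc" "$f")" = ok ]; then kept="${kept:+$kept }$f"; fi
    done
    echo "$kept"
}

select_clean_flags stub_pecoff_cc -fPIE -O2 -fno-such-flag
```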