diff options
author | Christian Grothoff <christian@grothoff.org> | 2011-12-20 09:20:02 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-12-20 09:20:02 +0000 |
commit | 5e9586160cced8cabc41ec1ec3954b1a706d3832 (patch) | |
tree | 4d8c80df7708a53776dd32b08cea1dfe84984ad4 /configure.ac | |
parent | f7e0fa90cd9aec9111e09379f964993cec7615ff (diff) | |
download | gnunet-5e9586160cced8cabc41ec1ec3954b1a706d3832.tar.gz gnunet-5e9586160cced8cabc41ec1ec3954b1a706d3832.zip |
Adding optional compiler and linker hardening options as per suggestion from Jacob
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 464201f92..44fa288a0 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -201,6 +201,26 @@ then | |||
201 | AC_MSG_ERROR([GNUnet needs libgcrypt]) | 201 | AC_MSG_ERROR([GNUnet needs libgcrypt]) |
202 | fi | 202 | fi |
203 | 203 | ||
204 | # Adam shostack suggests the following for Windows: | ||
205 | # -D_FORTIFY_SOURCE=2 -fstack-protector-all | ||
206 | AC_ARG_ENABLE(gcc-hardening, | ||
207 | AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), | ||
208 | [if test x$enableval = xyes; then | ||
209 | CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" | ||
210 | CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" | ||
211 | CFLAGS="$CFLAGS --param ssp-buffer-size=1" | ||
212 | LDFLAGS="$LDFLAGS -pie" | ||
213 | fi]) | ||
214 | |||
215 | # Linker hardening options | ||
216 | # Currently these options are ELF specific - you can't use this with MacOSX | ||
217 | AC_ARG_ENABLE(linker-hardening, | ||
218 | AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), | ||
219 | [if test x$enableval = xyes; then | ||
220 | LDFLAGS="$LDFLAGS -z relro -z now" | ||
221 | fi]) | ||
222 | |||
223 | |||
204 | extra_logging=GNUNET_NO | 224 | extra_logging=GNUNET_NO |
205 | AC_ARG_ENABLE([logging], | 225 | AC_ARG_ENABLE([logging], |
206 | AS_HELP_STRING([--enable-logging@<:@=value@:>@],[Enable logging calls. Possible values: yes,no,verbose,veryverbose ('yes' is the default)]), | 226 | AS_HELP_STRING([--enable-logging@<:@=value@:>@],[Enable logging calls. Possible values: yes,no,verbose,veryverbose ('yes' is the default)]), |