add hardening flags

author: Christian Grothoff <christian@grothoff.org> 2012-08-05 23:27:15 +0000
committer: Christian Grothoff <christian@grothoff.org> 2012-08-05 23:27:15 +0000
commit: 150ca6a82afd79aa427154710b37af3013f04dfc (patch)
tree: 4699303ee667397c8d4cf5e8c14ef26c13d49242
parent: 5ca4e2662113cb70fbcf40fc96d51f320d5d86fe (diff)
download: libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.tar.gz
libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 2771b25..4247b77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -207,6 +207,27 @@ fi
 AM_CONDITIONAL(HAVE_CXX, test "x$HAVE_CXX" = "xyes")
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+   AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+fi])
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+  AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[if test x$enableval = xyes; then
+   LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
 # Checks for libraries.
 # Redhat 9, gcc 3.2, libextractor_pdf barfs if we don't check for this
author	Christian Grothoff <christian@grothoff.org>	2012-08-05 23:27:15 +0000
committer	Christian Grothoff <christian@grothoff.org>	2012-08-05 23:27:15 +0000
commit	150ca6a82afd79aa427154710b37af3013f04dfc (patch)
tree	4699303ee667397c8d4cf5e8c14ef26c13d49242
parent	5ca4e2662113cb70fbcf40fc96d51f320d5d86fe (diff)
download	libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.tar.gz libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.zip

diff --git a/configure.ac b/configure.ac index 2771b25..4247b77 100644 --- a/configure.ac +++ b/configure.ac
@@ -207,6 +207,27 @@ fi
207	AM_CONDITIONAL(HAVE_CXX, test "x$HAVE_CXX" = "xyes")	207	AM_CONDITIONAL(HAVE_CXX, test "x$HAVE_CXX" = "xyes")
208		208
209		209
		210	# Adam shostack suggests the following for Windows:
		211	# -D_FORTIFY_SOURCE=2 -fstack-protector-all
		212	AC_ARG_ENABLE(gcc-hardening,
		213	AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
		214	[if test x$enableval = xyes; then
		215	CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
		216	CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
		217	CFLAGS="$CFLAGS --param ssp-buffer-size=1"
		218	LDFLAGS="$LDFLAGS -pie"
		219	fi])
		220
		221
		222	# Linker hardening options
		223	# Currently these options are ELF specific - you can't use this with MacOSX
		224	AC_ARG_ENABLE(linker-hardening,
		225	AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
		226	[if test x$enableval = xyes; then
		227	LDFLAGS="$LDFLAGS -z relro -z now"
		228	fi])
		229
		230
210	# Checks for libraries.	231	# Checks for libraries.
211		232
212	# Redhat 9, gcc 3.2, libextractor_pdf barfs if we don't check for this	233	# Redhat 9, gcc 3.2, libextractor_pdf barfs if we don't check for this