diff options
author | Christian Grothoff <christian@grothoff.org> | 2012-08-05 23:27:15 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-08-05 23:27:15 +0000 |
commit | 150ca6a82afd79aa427154710b37af3013f04dfc (patch) | |
tree | 4699303ee667397c8d4cf5e8c14ef26c13d49242 | |
parent | 5ca4e2662113cb70fbcf40fc96d51f320d5d86fe (diff) | |
download | libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.tar.gz libextractor-150ca6a82afd79aa427154710b37af3013f04dfc.zip |
add hardening flags
-rw-r--r-- | configure.ac | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 2771b25..4247b77 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -207,6 +207,27 @@ fi | |||
207 | AM_CONDITIONAL(HAVE_CXX, test "x$HAVE_CXX" = "xyes") | 207 | AM_CONDITIONAL(HAVE_CXX, test "x$HAVE_CXX" = "xyes") |
208 | 208 | ||
209 | 209 | ||
210 | # Adam shostack suggests the following for Windows: | ||
211 | # -D_FORTIFY_SOURCE=2 -fstack-protector-all | ||
212 | AC_ARG_ENABLE(gcc-hardening, | ||
213 | AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), | ||
214 | [if test x$enableval = xyes; then | ||
215 | CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" | ||
216 | CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" | ||
217 | CFLAGS="$CFLAGS --param ssp-buffer-size=1" | ||
218 | LDFLAGS="$LDFLAGS -pie" | ||
219 | fi]) | ||
220 | |||
221 | |||
222 | # Linker hardening options | ||
223 | # Currently these options are ELF specific - you can't use this with MacOSX | ||
224 | AC_ARG_ENABLE(linker-hardening, | ||
225 | AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), | ||
226 | [if test x$enableval = xyes; then | ||
227 | LDFLAGS="$LDFLAGS -z relro -z now" | ||
228 | fi]) | ||
229 | |||
230 | |||
210 | # Checks for libraries. | 231 | # Checks for libraries. |
211 | 232 | ||
212 | # Redhat 9, gcc 3.2, libextractor_pdf barfs if we don't check for this | 233 | # Redhat 9, gcc 3.2, libextractor_pdf barfs if we don't check for this |