diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-04-17 18:34:17 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-04-17 18:34:17 +0300 |
| commit | 03c29b63e0e4c4036dafaa382cd0db1fe400a7a2 (patch) | |
| tree | 9679b3ad4e131b14b29d237da6d762ebcd1ff685 | |
| parent | 7570030f7125f2fbc4e0c931ba09ca93c9218a71 (diff) | |
| download | libmicrohttpd-03c29b63e0e4c4036dafaa382cd0db1fe400a7a2.tar.gz libmicrohttpd-03c29b63e0e4c4036dafaa382cd0db1fe400a7a2.zip | |
configure: improved usage of 'pie' mode for hardening
| -rw-r--r-- | configure.ac | 35 |
1 files changed, 16 insertions, 19 deletions
diff --git a/configure.ac b/configure.ac index 84af625d..50f3055e 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -313,33 +313,30 @@ AS_VAR_IF([enable_compiler_hardening],["yes"], | |||
| 313 | MHD_FIND_ADD_CC_CFLAG([CFLAGS_ac],[-fstack-protector-strong],[-fstack-protector-all],[-fstack-protector]) | 313 | MHD_FIND_ADD_CC_CFLAG([CFLAGS_ac],[-fstack-protector-strong],[-fstack-protector-all],[-fstack-protector]) |
| 314 | MHD_CHECK_ADD_CC_CFLAGS([-fstack-clash-protection -ftrivial-auto-var-init=pattern],[CFLAGS_ac]) | 314 | MHD_CHECK_ADD_CC_CFLAGS([-fstack-clash-protection -ftrivial-auto-var-init=pattern],[CFLAGS_ac]) |
| 315 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" | 315 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" |
| 316 | AS_VAR_IF([pic_mode],["no"],[], | 316 | AS_IF([test "x${enable_static}" = "xyes" && test "x${pic_mode}" != "xyes"], |
| 317 | [ | 317 | [ |
| 318 | AS_VAR_IF([enable_shared],["yes"],[], | 318 | # PIE static lib can be used within non-PIE application, but |
| 319 | # PIE static lib cannot be used in non-PIE shared lib. Let's assume | ||
| 320 | # that static lib will not be used in shared lib | ||
| 321 | # All "pie" flags will be used automatically by libtool only | ||
| 322 | # for static library objects. | ||
| 323 | CFLAGS="${user_CFLAGS}" | ||
| 324 | # Perform tests here with "-pie" enabled | ||
| 325 | LDFLAGS="${LDFLAGS_ac} -pie ${user_LDFLAGS}" | ||
| 326 | MHD_CHECK_ADD_CC_CFLAG([-fPIE],[CFLAGS_ac], | ||
| 319 | [ | 327 | [ |
| 320 | # PIE cannot be used for shared lib | 328 | MHD_APPEND_FLAG_TO_VAR([LDFLAGS_ac],[-pie]) |
| 321 | # PIE static lib can be used within non-PIE application, but | 329 | ], |
| 322 | # PIE static lib cannot be used in non-PIE shared lib. Let's assume | 330 | [ |
| 323 | # that static lib will not be used in shared lib | 331 | MHD_CHECK_ADD_CC_CFLAG([-fpie],[CFLAGS_ac], |
| 324 | CFLAGS="${user_CFLAGS}" | ||
| 325 | # Perform tests with "-pie" enabled | ||
| 326 | LDFLAGS="${LDFLAGS_ac} -pie ${user_LDFLAGS}" | ||
| 327 | MHD_CHECK_ADD_CC_CFLAG([-fPIE],[CFLAGS_ac], | ||
| 328 | [ | 332 | [ |
| 329 | MHD_APPEND_FLAG_TO_VAR([LDFLAGS_ac],[-pie]) | 333 | MHD_APPEND_FLAG_TO_VAR([LDFLAGS_ac],[-pie]) |
| 330 | ], | ||
| 331 | [ | ||
| 332 | MHD_CHECK_CC_CFLAG([-fpie],[CFLAGS_ac], | ||
| 333 | [ | ||
| 334 | MHD_APPEND_FLAG_TO_VAR([LDFLAGS_ac],[-pie]) | ||
| 335 | ] | ||
| 336 | ) | ||
| 337 | ] | 334 | ] |
| 338 | ) | 335 | ) |
| 339 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" | ||
| 340 | LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}" | ||
| 341 | ] | 336 | ] |
| 342 | ) | 337 | ) |
| 338 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" | ||
| 339 | LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}" | ||
| 343 | ] | 340 | ] |
| 344 | ) | 341 | ) |
| 345 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" | 342 | CFLAGS="${CFLAGS_ac} ${user_CFLAGS}" |