enable_werror
enable_hardening
enable_pie
+enable_asan
enable_poll
enable_admin_flag
enable_nls
--disable-hardening Do not use compiler/linker exploit mitigation
options
--enable-pie Build sudo as a position independent executable.
+ --enable-asan Build sudo with address sanitizer support.
--disable-poll Use select() instead of poll().
--enable-admin-flag Whether to create a Ubuntu-style admin flag file
--disable-nls Disable natural language support using gettext
fi
+# Check whether --enable-asan was given.
+if test "${enable_asan+set}" = set; then :
+ enableval=$enable_asan;
+fi
+
+
# Check whether --enable-poll was given.
if test "${enable_poll+set}" = set; then :
enableval=$enable_poll;
fi
fi
+if test "$enable_asan" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fsanitize=address,undefined" >&5
+$as_echo_n "checking whether C compiler accepts -fsanitize=address,undefined... " >&6; }
+if ${ax_cv_check_cflags___fsanitize_address_undefined+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -fsanitize=address,undefined"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___fsanitize_address_undefined=yes
+else
+ ax_cv_check_cflags___fsanitize_address_undefined=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fsanitize_address_undefined" >&5
+$as_echo "$ax_cv_check_cflags___fsanitize_address_undefined" >&6; }
+if test x"$ax_cv_check_cflags___fsanitize_address_undefined" = xyes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fsanitize=address,undefined" >&5
+$as_echo_n "checking whether the linker accepts -fsanitize=address,undefined... " >&6; }
+if ${ax_cv_check_ldflags___fsanitize_address_undefined+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_check_ldflags___fsanitize_address_undefined=yes
+else
+ ax_cv_check_ldflags___fsanitize_address_undefined=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fsanitize_address_undefined" >&5
+$as_echo "$ax_cv_check_ldflags___fsanitize_address_undefined" >&6; }
+if test x"$ax_cv_check_ldflags___fsanitize_address_undefined" = xyes; then :
+
+ LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
+ CFLAGS="$CFLAGS -fsanitize=address,undefined"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5
+$as_echo_n "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; }
+if ${ax_cv_check_cflags___fno_omit_frame_pointer+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -fno-omit-frame-pointer"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___fno_omit_frame_pointer=yes
+else
+ ax_cv_check_cflags___fno_omit_frame_pointer=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_omit_frame_pointer" >&5
+$as_echo "$ax_cv_check_cflags___fno_omit_frame_pointer" >&6; }
+if test x"$ax_cv_check_cflags___fno_omit_frame_pointer" = xyes; then :
+
+ CFLAGS="$CFLAGS -fno-omit-frame-pointer"
+
+else
+ :
+fi
+
+ $as_echo "#define NO_LEAKS 1" >>confdefs.h
+
+
+else
+ :
+fi
+
+
+else
+ :
+fi
+
+fi
+
if test -n "$GCC"; then
if test -z "$enable_pie"; then
case "$host_os" in
+
AC_ARG_ENABLE(pie,
[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
+AC_ARG_ENABLE(asan,
+[AS_HELP_STRING([--enable-asan], [Build sudo with address sanitizer support.])])
+
AC_ARG_ENABLE(poll,
[AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])])
fi
fi
+dnl
+dnl Check for -fsanitize=address,undefined support
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test "$enable_asan" = "yes"; then
+ AX_CHECK_COMPILE_FLAG([-fsanitize=address,undefined], [
+ AX_CHECK_LINK_FLAG([-fsanitize=address,undefined], [
+ LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
+ CFLAGS="$CFLAGS -fsanitize=address,undefined"
+ AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [
+ CFLAGS="$CFLAGS -fno-omit-frame-pointer"
+ ])
+ AC_DEFINE(NO_LEAKS)
+ ])
+ ])
+fi
+
dnl
dnl Check for PIE executable support if using gcc.
dnl This test relies on AC_LANG_WERROR
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
+AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
projects / sudo / commitdiff