Implement --enable-gcc-hardening configure option
authorSebastian Hahn <sebastian@torproject.org>
Sun, 10 Apr 2011 16:25:05 +0000 (18:25 +0200)
committerNick Mathewson <nickm@torproject.org>
Mon, 12 Sep 2011 14:09:21 +0000 (10:09 -0400)
Using --enable-gcc-hardening enables some additional safety features
that gcc makes available, such as stack smashing protection (using
canaries) and ASLR.

This commit is based on a patch for Tor:
(git commit 04fa935e02270bc90aca0f1c652d31c7a872175b by Jacob Appelbaum)
Copyright (c) 2007-2011, The Tor Project, Inc.

configure.in

index 539af4c2b35222f566b71b515f17ba4d1f37516e..532c62975fefbb93e7bef4ac7c914db663c4a6c7 100644 (file)
@@ -56,6 +56,13 @@ fi
 AC_ARG_ENABLE(gcc-warnings,
      AS_HELP_STRING(--disable-gcc-warnings, disable verbose warnings with GCC))
 
+AC_ARG_ENABLE(gcc-hardening,
+     AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+fi])
 
 AC_ARG_ENABLE(thread-support,
      AS_HELP_STRING(--disable-thread-support, disable support for threading),
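Review bot: The `-fPIE` appended to CFLAGS in the second added CFLAGS line has no matching `-pie` at link time in this hunk, so unless link flags are set elsewhere, programs built with --enable-gcc-hardening are not position-independent executables and the ASLR benefit named in the commit message does not reach their main image. Because CFLAGS is global, `-fPIE` also reaches any library objects, which presumably need `-fPIC` instead; consider limiting `-fPIE`/`-pie` to the program targets. None of the flags is probed before being added, so a compiler that rejects `-fstack-protector-all` or `--param ssp-buffer-size=1` is likely to surface as a confusing failure in a later configure check; a compile test per flag would make the cause clear. `-D_FORTIFY_SOURCE=2` is a preprocessor define that only takes effect when optimisation is enabled, so it would sit better as `CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"` with a comment noting the `-O` requirement.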