From: Todd C. Miller Date: Fri, 11 Jan 2013 14:39:59 +0000 (-0500) Subject: Use -fstack-protector-all in preference to -fstack-protector X-Git-Tag: SUDO_1_8_6p4~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dbea54fa69977a5ef765f07c0395f64f71dfa863;p=sudo Use -fstack-protector-all in preference to -fstack-protector where supported. --HG-- branch : 1.8 --- diff --git a/configure b/configure index 730724615..e079113c2 100755 --- a/configure +++ b/configure @@ -20762,7 +20762,83 @@ fi if test "$enable_hardening" != "no"; then if test -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5 +$as_echo_n "checking whether C compiler accepts -fstack-protector-all... " >&6; } +if ${ax_cv_check_cflags___fstack_protector_all+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fstack-protector-all" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags___fstack_protector_all=yes +else + ax_cv_check_cflags___fstack_protector_all=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5 +$as_echo "$ax_cv_check_cflags___fstack_protector_all" >&6; } +if test x"$ax_cv_check_cflags___fstack_protector_all" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-all" >&5 +$as_echo_n "checking whether the linker accepts -fstack-protector-all... " >&6; } +if ${ax_cv_check_ldflags___fstack_protector_all+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -fstack-protector-all" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_check_ldflags___fstack_protector_all=yes +else + ax_cv_check_ldflags___fstack_protector_all=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_all" >&5 +$as_echo "$ax_cv_check_ldflags___fstack_protector_all" >&6; } +if test x"$ax_cv_check_ldflags___fstack_protector_all" = xyes; then : + + SSP_CFLAGS="-fstack-protector-all" + SSP_LDFLAGS="-Wc,-fstack-protector-all" + +else + : +fi + + +else + : +fi + + if test -z "$SSP_CFLAGS"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5 $as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; } if ${ax_cv_check_cflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 @@ -20793,7 +20869,7 @@ fi $as_echo "$ax_cv_check_cflags___fstack_protector" >&6; } if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5 $as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; } if ${ax_cv_check_ldflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 @@ -20825,8 +20901,8 @@ fi $as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; } if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then : - SSP_CFLAGS="-fstack-protector" - SSP_LDFLAGS="-Wc,-fstack-protector" + SSP_CFLAGS="-fstack-protector" + SSP_LDFLAGS="-Wc,-fstack-protector" else : @@ -20837,6 +20913,7 @@ else : fi + fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 $as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; } diff --git a/configure.in b/configure.in index 5d4b53f64..950e0fbf1 100644 --- a/configure.in +++ b/configure.in @@ -3404,12 +3404,20 @@ dnl This test relies on AC_LANG_WERROR dnl if test "$enable_hardening" != "no"; then if test -n "$GCC"; then - AX_CHECK_COMPILE_FLAG([-fstack-protector], [ - AX_CHECK_LINK_FLAG([-fstack-protector], [ - SSP_CFLAGS="-fstack-protector" - SSP_LDFLAGS="-Wc,-fstack-protector" + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], [ + SSP_CFLAGS="-fstack-protector-all" + SSP_LDFLAGS="-Wc,-fstack-protector-all" ]) ]) + if test -z "$SSP_CFLAGS"; then + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], [ + SSP_CFLAGS="-fstack-protector" + SSP_LDFLAGS="-Wc,-fstack-protector" + ]) + ]) + fi fi AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) fi