From adbc8a574f9ecccf183304c4b8ce575d578b197c Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 11 Jan 2013 09:39:59 -0500 Subject: [PATCH] Use -fstack-protector-all in preference to -fstack-protector where supported. --- configure | 85 +++++++++++++++++++++++++++++++++++++++++++++++++--- configure.in | 16 +++++++--- 2 files changed, 93 insertions(+), 8 deletions(-) diff --git a/configure b/configure index 5409597b6..5dbd996f8 100755 --- a/configure +++ b/configure @@ -20795,7 +20795,83 @@ fi if test "$enable_hardening" != "no"; then if test -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5 +$as_echo_n "checking whether C compiler accepts -fstack-protector-all... " >&6; } +if ${ax_cv_check_cflags___fstack_protector_all+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fstack-protector-all" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags___fstack_protector_all=yes +else + ax_cv_check_cflags___fstack_protector_all=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5 +$as_echo "$ax_cv_check_cflags___fstack_protector_all" >&6; } +if test x"$ax_cv_check_cflags___fstack_protector_all" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-all" >&5 +$as_echo_n "checking whether the linker accepts -fstack-protector-all... " >&6; } +if ${ax_cv_check_ldflags___fstack_protector_all+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -fstack-protector-all" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_check_ldflags___fstack_protector_all=yes +else + ax_cv_check_ldflags___fstack_protector_all=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_all" >&5 +$as_echo "$ax_cv_check_ldflags___fstack_protector_all" >&6; } +if test x"$ax_cv_check_ldflags___fstack_protector_all" = xyes; then : + + SSP_CFLAGS="-fstack-protector-all" + SSP_LDFLAGS="-Wc,-fstack-protector-all" + +else + : +fi + + +else + : +fi + + if test -z "$SSP_CFLAGS"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5 $as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; } if ${ax_cv_check_cflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 @@ -20826,7 +20902,7 @@ fi $as_echo "$ax_cv_check_cflags___fstack_protector" >&6; } if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5 $as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; } if ${ax_cv_check_ldflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 @@ -20858,8 +20934,8 @@ fi $as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; } if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then : - SSP_CFLAGS="-fstack-protector" - SSP_LDFLAGS="-Wc,-fstack-protector" + SSP_CFLAGS="-fstack-protector" + SSP_LDFLAGS="-Wc,-fstack-protector" else : @@ -20870,6 +20946,7 @@ else : fi + fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 $as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; } diff --git a/configure.in b/configure.in index 3e251f982..ffd361e5e 100644 --- a/configure.in +++ b/configure.in @@ -3434,12 +3434,20 @@ dnl This test relies on AC_LANG_WERROR dnl if test "$enable_hardening" != "no"; then if test -n "$GCC"; then - AX_CHECK_COMPILE_FLAG([-fstack-protector], [ - AX_CHECK_LINK_FLAG([-fstack-protector], [ - SSP_CFLAGS="-fstack-protector" - SSP_LDFLAGS="-Wc,-fstack-protector" + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], [ + SSP_CFLAGS="-fstack-protector-all" + SSP_LDFLAGS="-Wc,-fstack-protector-all" ]) ]) + if test -z "$SSP_CFLAGS"; then + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], [ + SSP_CFLAGS="-fstack-protector" + SSP_LDFLAGS="-Wc,-fstack-protector" + ]) + ]) + fi fi AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) fi -- 2.40.0