build-sys: Enable optional hardening flags
With the configure option --enable-harden-flags the CFLAGS and LDFLAGS are manipulated to provide some hardening protection to the binaries. psmisc uses these flags on by default with no troubles, however it doesn't have a library in it either. References: https://wiki.debian.org/Hardening
This commit is contained in:
parent
1e6452fe65
commit
9c877bf636
@ -7,7 +7,10 @@ AM_CPPFLAGS = \
|
|||||||
-include $(top_builddir)/config.h \
|
-include $(top_builddir)/config.h \
|
||||||
-I$(top_srcdir) \
|
-I$(top_srcdir) \
|
||||||
-I$(top_srcdir)/include \
|
-I$(top_srcdir)/include \
|
||||||
-DLOCALEDIR=\"$(localedir)\"
|
-DLOCALEDIR=\"$(localedir)\" \
|
||||||
|
@HARDEN_CFLAGS@
|
||||||
|
|
||||||
|
AM_LDFLAGS = @HARDEN_LDFLAGS@
|
||||||
|
|
||||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||||
|
|
||||||
|
23
configure.ac
23
configure.ac
@ -116,6 +116,29 @@ if test "$enable_libselinux" = "yes"; then
|
|||||||
AC_DEFINE([ENABLE_LIBSELINUX], [1], [Enable libselinux])
|
AC_DEFINE([ENABLE_LIBSELINUX], [1], [Enable libselinux])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable hardened compile and link flags
|
||||||
|
AC_ARG_ENABLE([harden_flags],
|
||||||
|
[AS_HELP_STRING([--enable-harden-flags], [enable hardened compilier and linker flags])],
|
||||||
|
[enable_harden_flags=$enableval],
|
||||||
|
[enable_harden_flags="no"])
|
||||||
|
|
||||||
|
# Check that harden CFLAGS and LDFLAGS will compile
|
||||||
|
AS_IF([test "$enable_harden_flags" = "yes"],
|
||||||
|
HARDEN_CFLAGS="-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security"
|
||||||
|
[HARDEN_LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now"]
|
||||||
|
[ AC_MSG_CHECKING([compiler supports harden flags])
|
||||||
|
save_harden_cflags="$CFLAGS"
|
||||||
|
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
|
||||||
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,,)],
|
||||||
|
[AC_MSG_RESULT([yes])],
|
||||||
|
[AC_MSG_RESULT([no]); HARDEN_CFLAGS='']
|
||||||
|
)
|
||||||
|
CFLAGS="$save_harden_cflags"],
|
||||||
|
[HARDEN_CFLAGS=""
|
||||||
|
HARDEN_LDFLAGS=""])
|
||||||
|
AC_SUBST([HARDEN_CFLAGS])
|
||||||
|
AC_SUBST([HARDEN_LDFLAGS])
|
||||||
|
|
||||||
# Optional packages - AC_ARG_WITH
|
# Optional packages - AC_ARG_WITH
|
||||||
AC_ARG_WITH([ncurses],
|
AC_ARG_WITH([ncurses],
|
||||||
AS_HELP_STRING([--without-ncurses], [build only applications not needing ncurses]),
|
AS_HELP_STRING([--without-ncurses], [build only applications not needing ncurses]),
|
||||||
|
Loading…
Reference in New Issue
Block a user