diff options
Diffstat (limited to 'configure.in')
-rw-r--r-- | configure.in | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/configure.in b/configure.in index 656a3243fa..18869a1158 100644 --- a/configure.in +++ b/configure.in @@ -122,21 +122,12 @@ dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows dnl This requires that we use gcc and that we add -O2 to the CFLAGS. AC_ARG_ENABLE(gcc-hardening, - AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), -[if test x$enableval = xyes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" - CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" - CFLAGS="$CFLAGS --param ssp-buffer-size=1" - LDFLAGS="$LDFLAGS -pie" -fi]) + AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks)) dnl Linker hardening options dnl Currently these options are ELF specific - you can't use this with MacOSX AC_ARG_ENABLE(linker-hardening, - AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), -[if test x$enableval = xyes; then - LDFLAGS="$LDFLAGS -z relro -z now" -fi]) + AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups)) AC_ARG_ENABLE(local-appdata, AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows)) @@ -563,8 +554,31 @@ else fi AC_SUBST(TOR_ZLIB_LIBS) -dnl Make sure to enable support for large off_t if available. +dnl --------------------------------------------------------------------- +dnl Now that we know about our major libraries, we can check for compiler +dnl and linker hardening options. We need to do this with the libraries known, +dnl since sometimes the linker will like an option but not be willing to +dnl use it with a build of a library. + +all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent" +all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI" + +if test x$enable_gcc_hardening != xno; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" + TOR_CHECK_CFLAGS(-Qunused-arguments) + TOR_CHECK_CFLAGS(-fstack-protector-all) + TOR_CHECK_CFLAGS(-Wstack-protector) + TOR_CHECK_CFLAGS(-fwrapv) + TOR_CHECK_CFLAGS(--param ssp-buffer-size=1) + if test "$bwin32" = "false"; then + TOR_CHECK_CFLAGS(-fPIE) + TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check") + fi +fi +if test x$enable_linker_hardening != xno; then + TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check") +fi dnl ------------------------------------------------------ dnl Where do you live, libnatpmp? And how do we call you? @@ -625,6 +639,7 @@ if test "$upnp" = "true"; then fi fi +dnl Make sure to enable support for large off_t if available. AC_SYS_LARGEFILE AC_CHECK_HEADERS( |