Commit e36cd016 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Try to manually test for whether the compiler hardening flags work 

Also, make the check for whether they're on by default work; there's
no need to mess around with this "$enableval" silliness.
parent 62f3121a

acinclude.m4

+34 −0
Original line number Diff line number Diff line
@@ -41,6 +41,40 @@ AC_DEFUN([TOR_DEFINE_CODEPATH], 
  AC_SUBST(TOR_LDFLAGS_$2)

])



dnl 1:flags

AC_DEFUN([TOR_CHECK_CFLAGS], [

  AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])

  AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [

    tor_saved_CFLAGS="$CFLAGS"

    CFLAGS="$CFLAGS $1"

    AC_TRY_COMPILE([], [return 0;],

                   [AS_VAR_SET(VAR,yes)],

                   [AS_VAR_SET(VAR,no)])

    CFLAGS="$tor_saved_CFLAGS"

  ])

  if test x$VAR = xyes; then

    CFLAGS="$CFLAGS $1"

  fi

  AS_VAR_POPDEF([VAR])

])



dnl 1:flags

AC_DEFUN([TOR_CHECK_LDFLAGS], [

  AS_VAR_PUSHDEF([VAR],[tor_cv_ldflags_$1])

  AC_CACHE_CHECK([whether the linker accepts $1], VAR, [

    tor_saved_LDFLAGS="$LDFLAGS"

    LDFLAGS="$LDFLAGS $1"

    AC_TRY_LINK([], [return 0;],

                   [AS_VAR_SET(VAR,yes)],

                   [AS_VAR_SET(VAR,no)])

    LDFLAGS="$tor_saved_LDFLAGS"

  ])

  if test x$VAR = xyes; then

    LDFLAGS="$LDFLAGS $1"

  fi

  AS_VAR_POPDEF([VAR])

])



dnl 1:libname

AC_DEFUN([TOR_WARN_MISSING_LIB], [

h=""

configure.in

+16 −15
Original line number Diff line number Diff line
@@ -122,25 +122,12 @@ dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all 
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows

dnl This requires that we use gcc and that we add -O2 to the CFLAGS.

AC_ARG_ENABLE(gcc-hardening,

    AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks),

    [],

    [enableval=yes;])

[if test x$enableval = xyes; then

    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"

    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"

    CFLAGS="$CFLAGS --param ssp-buffer-size=1"

    LDFLAGS="$LDFLAGS -pie"

fi]

    AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks))



dnl Linker hardening options

dnl Currently these options are ELF specific - you can't use this with MacOSX

AC_ARG_ENABLE(linker-hardening,

    AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups),

    [],

    [enableval=yes;])

AC_CHECK_HEADER([elf.h], [if test x$enableval = xyes; then

    LDFLAGS="$LDFLAGS -z relro -z now"

fi])

    AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups))



AC_ARG_ENABLE(local-appdata,

   AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows))
@@ -184,6 +171,20 @@ AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue) 
AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)

AM_PROG_CC_C_O



if test x$enable_gcc_hardening != xno; then

    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"

    TOR_CHECK_CFLAGS(-fstack-protector-all)

    TOR_CHECK_CFLAGS(-Wstack-protector)

    TOR_CHECK_CFLAGS(-fwrapv)

    TOR_CHECK_CFLAGS(-fPIE)

    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)

    TOR_CHECK_LDFLAGS(-pie)

fi



if test x$enable_linker_hardening != xno; then

    TOR_CHECK_LDFLAGS(-z relro -z now)

fi



ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [

AC_C_FLEXIBLE_ARRAY_MEMBER

], [