[Pidgin] #13879: Add gcc and linker hardening options to configure.ac
Pidgin
trac at pidgin.im
Wed Apr 27 20:38:31 EDT 2011
#13879: Add gcc and linker hardening options to configure.ac
--------------------------+-------------------------------------------------
Reporter: ioerror | Owner: rekkanoryo
Type: enhancement | Status: new
Component: unclassified | Version: 2.7.11
Keywords: security |
--------------------------+-------------------------------------------------
I've added two new (off by default) flags to configure.ac:
--enable-gcc-hardening
+ CFLAGS="$CFLAGS -fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+ LDFLAGS="$LDFLAGS -pie -fPIC"
--enable-linker-hardening
+ LDFLAGS="$LDFLAGS -z relro -z now"
I suspect these should be enabled by default.
I also added a small bit of feedback to the configure status message:
+echo Build with FORTIFY............ : $enable_fortify
+echo Build with GCC hardening...... : $enable_gcchardening
+echo Build with linker hardening... : $enable_linkerhardening
--
Ticket URL: <http://developer.pidgin.im/ticket/13879>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list