portable/scripts/wrap-compiler-for-flag-check, branch v3.2.2A mirror of https://github.com/libressl/portable.git
https://git.lua4.win/portable/atom?h=v3.2.22015-01-02T13:42:15+00:00move public domain to top, help automatic tools2015-01-02T13:42:15+00:00Brent Cookbcook@openbsd.org2015-01-02T13:42:15+00:00urn:sha1:5be407a42427a298cc00241f5d6bf67c9c7fa041Change comments to remark on script not being needed for clang >= 5.12015-01-01T23:03:03+00:00Jim Barlowjim@purplerock.ca2015-01-01T23:03:03+00:00urn:sha1:813e7bdac1308a39be89eba7eb02063970f795b3configure.ac: use executable hardening where available2014-12-24T05:47:03+00:00Jim Barlowjim@purplerock.ca2014-12-24T05:47:03+00:00urn:sha1:c0a8ddc163859ec7cbfe42cc163cc0a863b017f4
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
The code added to m4/ is GPLv3 but con
Signed-off-by: Jim Barlow <jim@purplerock.ca>