From: Simon Ruderich Date: Tue, 15 Nov 2011 14:31:51 +0000 (+0100) Subject: configure.ac: Add more hardening flags for GCC. X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=36c08222306c7bca79f10255a945ffb00803e05c;p=tlsproxy%2Ftlsproxy.git configure.ac: Add more hardening flags for GCC. Also move -pie to LDFLAGS, it's a linker flag. --- diff --git a/configure.ac b/configure.ac index 82be751..4c7c937 100644 --- a/configure.ac +++ b/configure.ac @@ -12,8 +12,11 @@ if test "x$GCC" = xyes; then CFLAGS="-std=c89 -pedantic -Wall -Wextra -Werror $CFLAGS" CFLAGS="-D_XOPEN_SOURCE=500 -Wno-error=int-to-pointer-cast $CFLAGS" # Additional security flags. - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector -fPIE -pie" - LDFLAGS="$LDFLAGS -z relro -z now" + CFLAGS="$CFLAGS -Wformat -Wformat-security -Werror=format-security" + CFLAGS="$CFLAGS -fstack-protector-all -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fPIE" + LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now -fPIE -pie" fi AC_CHECK_LIB([pthread], [pthread_create],