From: Simon Ruderich <simon@ruderich.org>
Date: Fri, 19 Aug 2011 00:14:00 +0000 (+0200)
Subject: configure.ac: Compile with additional security features if GCC is used.
X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=60c5c1c24448bc6390f9f607e2ee2e3782a122f6;hp=64bfebde76d568808b6fa8a8d09b4b5afe13dc15;p=tlsproxy%2Ftlsproxy.git

configure.ac: Compile with additional security features if GCC is used.

See http://wiki.debian.org/Hardening for more information.
---

diff --git a/configure.ac b/configure.ac
index 6cfb3f7..82be751 100644
--- a/configure.ac
+++ b/configure.ac
@@ -11,6 +11,9 @@ AC_PROG_CC
 if test "x$GCC" = xyes; then
     CFLAGS="-std=c89 -pedantic -Wall -Wextra -Werror $CFLAGS"
     CFLAGS="-D_XOPEN_SOURCE=500 -Wno-error=int-to-pointer-cast $CFLAGS"
+    # Additional security flags.
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector -fPIE -pie"
+    LDFLAGS="$LDFLAGS -z relro -z now"
 fi
 
 AC_CHECK_LIB([pthread], [pthread_create],