From 36c08222306c7bca79f10255a945ffb00803e05c Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 15 Nov 2011 15:31:51 +0100 Subject: [PATCH] configure.ac: Add more hardening flags for GCC. Also move -pie to LDFLAGS, it's a linker flag. --- configure.ac | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 82be751..4c7c937 100644 --- a/configure.ac +++ b/configure.ac @@ -12,8 +12,11 @@ if test "x$GCC" = xyes; then CFLAGS="-std=c89 -pedantic -Wall -Wextra -Werror $CFLAGS" CFLAGS="-D_XOPEN_SOURCE=500 -Wno-error=int-to-pointer-cast $CFLAGS" # Additional security flags. - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector -fPIE -pie" - LDFLAGS="$LDFLAGS -z relro -z now" + CFLAGS="$CFLAGS -Wformat -Wformat-security -Werror=format-security" + CFLAGS="$CFLAGS -fstack-protector-all -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fPIE" + LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now -fPIE -pie" fi AC_CHECK_LIB([pthread], [pthread_create], -- 2.45.2