configure.ac: Compile with additional security features if GCC is used.

author Simon Ruderich <simon@ruderich.org>

Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)

committer Simon Ruderich <simon@ruderich.org>

Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)
author Simon Ruderich <simon@ruderich.org>
Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)
committer Simon Ruderich <simon@ruderich.org>
Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)
diff --git a/configure.ac b/configure.ac

index 6cfb3f7a062687dc242eb3d592f4fb64d85aad3d..82be75124597f229f49e626c176b030b55e02a13 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -11,6 +11,9 @@ AC_PROG_CC
  if test "x$GCC" = xyes; then
      CFLAGS="-std=c89 -pedantic -Wall -Wextra -Werror $CFLAGS"
      CFLAGS="-D_XOPEN_SOURCE=500 -Wno-error=int-to-pointer-cast $CFLAGS"
+    # Additional security flags.
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector -fPIE -pie"
+    LDFLAGS="$LDFLAGS -z relro -z now"
  fi
  
  AC_CHECK_LIB([pthread], [pthread_create],
author	Simon Ruderich <simon@ruderich.org>
	Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)
committer	Simon Ruderich <simon@ruderich.org>
	Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)