Limit some of the hardening tests to compilers that define __GNUC__.
This should avoid false positives on other compilers.
This commit is contained in:
Todd C. Miller
6
configure
vendored
6
configure
vendored
@@ -31317,7 +31317,7 @@ then :
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
|
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes"; then
|
||||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -static-libgcc" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -static-libgcc" >&5
|
||||||
printf %s "checking whether C compiler accepts -static-libgcc... " >&6; }
|
printf %s "checking whether C compiler accepts -static-libgcc... " >&6; }
|
||||||
if test ${ax_cv_check_cflags___static_libgcc+y}
|
if test ${ax_cv_check_cflags___static_libgcc+y}
|
||||||
@@ -32930,7 +32930,7 @@ printf "%s\n" "$sudo_cv_use_fortify_source" >&6; }
|
|||||||
CPPFLAGS="$O_CPPFLAGS"
|
CPPFLAGS="$O_CPPFLAGS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test "$enable_ssp" != "no"; then
|
if test -n "$GCC" -a "$enable_ssp" != "no"; then
|
||||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compiler stack protector support" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compiler stack protector support" >&5
|
||||||
printf %s "checking for compiler stack protector support... " >&6; }
|
printf %s "checking for compiler stack protector support... " >&6; }
|
||||||
if test ${sudo_cv_var_stack_protector+y}
|
if test ${sudo_cv_var_stack_protector+y}
|
||||||
@@ -33048,6 +33048,7 @@ printf "%s\n" "$sudo_cv_var_stack_protector" >&6; }
|
|||||||
# machine-specific code does not support it. We use a test program
|
# machine-specific code does not support it. We use a test program
|
||||||
# with a large stack allocation to try to cause the compiler to
|
# with a large stack allocation to try to cause the compiler to
|
||||||
# insert the stack clash protection code, or fail if not supported.
|
# insert the stack clash protection code, or fail if not supported.
|
||||||
|
if test -n "$GCC"; then
|
||||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports -fstack-clash-protection" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports -fstack-clash-protection" >&5
|
||||||
printf %s "checking whether C compiler supports -fstack-clash-protection... " >&6; }
|
printf %s "checking whether C compiler supports -fstack-clash-protection... " >&6; }
|
||||||
if test ${sudo_cv_check_cflags___fstack_clash_protection+y}
|
if test ${sudo_cv_check_cflags___fstack_clash_protection+y}
|
||||||
@@ -33346,6 +33347,7 @@ else case e in #(
|
|||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
# Linker-specific hardening flags.
|
# Linker-specific hardening flags.
|
||||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
|
||||||
|
|||||||
@@ -4024,7 +4024,7 @@ dnl If compiler supports the -static-libgcc flag use it unless we have
|
|||||||
dnl GNU ld (which can avoid linking in libgcc when it is not needed).
|
dnl GNU ld (which can avoid linking in libgcc when it is not needed).
|
||||||
dnl This test relies on AC_LANG_WERROR
|
dnl This test relies on AC_LANG_WERROR
|
||||||
dnl
|
dnl
|
||||||
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
|
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes"; then
|
||||||
AX_CHECK_COMPILE_FLAG([-static-libgcc], [AX_APPEND_FLAG([-Wc,-static-libgcc], [LT_LDFLAGS])])
|
AX_CHECK_COMPILE_FLAG([-static-libgcc], [AX_APPEND_FLAG([-Wc,-static-libgcc], [LT_LDFLAGS])])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
|
|||||||
dnl
|
dnl
|
||||||
dnl The following tests rely on AC_LANG_WERROR.
|
dnl The following tests rely on AC_LANG_WERROR.
|
||||||
dnl
|
dnl
|
||||||
if test "$enable_ssp" != "no"; then
|
if test -n "$GCC" -a "$enable_ssp" != "no"; then
|
||||||
AC_CACHE_CHECK([for compiler stack protector support],
|
AC_CACHE_CHECK([for compiler stack protector support],
|
||||||
[sudo_cv_var_stack_protector],
|
[sudo_cv_var_stack_protector],
|
||||||
[
|
[
|
||||||
@@ -86,6 +86,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
|
|||||||
# machine-specific code does not support it. We use a test program
|
# machine-specific code does not support it. We use a test program
|
||||||
# with a large stack allocation to try to cause the compiler to
|
# with a large stack allocation to try to cause the compiler to
|
||||||
# insert the stack clash protection code, or fail if not supported.
|
# insert the stack clash protection code, or fail if not supported.
|
||||||
|
if test -n "$GCC"; then
|
||||||
AC_CACHE_CHECK([whether C compiler supports -fstack-clash-protection],
|
AC_CACHE_CHECK([whether C compiler supports -fstack-clash-protection],
|
||||||
[sudo_cv_check_cflags___fstack_clash_protection],
|
[sudo_cv_check_cflags___fstack_clash_protection],
|
||||||
[
|
[
|
||||||
@@ -111,6 +112,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
|
|||||||
AX_APPEND_FLAG([-Wc,-fcf-protection], [HARDENING_LDFLAGS])
|
AX_APPEND_FLAG([-Wc,-fcf-protection], [HARDENING_LDFLAGS])
|
||||||
])
|
])
|
||||||
])
|
])
|
||||||
|
fi
|
||||||
|
|
||||||
# Linker-specific hardening flags.
|
# Linker-specific hardening flags.
|
||||||
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [AX_APPEND_FLAG([-Wl,-z,relro], [HARDENING_LDFLAGS])])
|
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [AX_APPEND_FLAG([-Wl,-z,relro], [HARDENING_LDFLAGS])])
|
||||||
|
|||||||
Reference in New Issue
Block a user