Add stack protect

author: Guillaume Friloux <guillaume.friloux@gmail.com> 2013-12-12 09:11:33 +0100
committer: Guillaume Friloux <guillaume.friloux@gmail.com> 2013-12-12 09:11:33 +0100
commit: f82b668f7b80ada56cc57b79fbf6369aa239a66b (patch)
tree: 57e7bef0c92b7b9aaa2078103d246c5b0529ff97
parent: be52045f38cae47545abf927fd0038cd5d5202f8 (diff)
1 files changed, 99 insertions, 0 deletions
diff --git a/m4/gcc_stack_protect.m4 b/m4/gcc_stack_protect.m4
new file mode 100644
index 0000000..a4bb2c9
--- /dev/null
+++ b/m4/gcc_stack_protect.m4
@@ -0,0 +1,99 @@
+dnl
+dnl Useful macros for autoconf to check for ssp-patched gcc
+dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
+dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
+dnl     * Stricter language checking (C or C++)
+dnl     * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
+dnl     * Caches all results
+dnl     * Uses macros to ensure correct ouput in quiet/silent mode
+dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
+dnl     * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
+dnl     * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
+dnl
+dnl About ssp:
+dnl GCC extension for protecting applications from stack-smashing attacks
+dnl http://www.research.ibm.com/trl/projects/security/ssp/
+dnl
+dnl Usage:
+dnl Most people will simply call GCC_STACK_PROTECTOR.
+dnl If you only use one of C or C++, you can save time by only calling the
+dnl macro appropriate for that language. In that case you should also call
+dnl GCC_STACK_PROTECT_LIB first.
+dnl
+dnl GCC_STACK_PROTECTOR
+dnl Tries to turn on stack protection for C and C++ by calling the following
+dnl three macros with the right languages.
+dnl
+dnl GCC_STACK_PROTECT_CC
+dnl checks -fstack-protector with the C compiler, if it exists then updates
+dnl CFLAGS and defines ENABLE_SSP_CC
+dnl
+dnl GCC_STACK_PROTECT_CXX
+dnl checks -fstack-protector with the C++ compiler, if it exists then updates
+dnl CXXFLAGS and defines ENABLE_SSP_CXX
+dnl
+dnl GCC_STACK_PROTECT_LIB
+dnl adds -lssp to LIBS if it is available
+dnl ssp is usually provided as part of libc, but was previously a separate lib
+dnl It does not hurt to add -lssp even if libc provides SSP - in that case
+dnl libssp will simply be ignored.
+dnl
+AC_DEFUN([GCC_STACK_PROTECT_LIB],[
+  AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
+    [ssp_old_libs="$LIBS"
+     LIBS="$LIBS -lssp"
+     AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no)
+     LIBS="$ssp_old_libs"
+    ])
+  if test $ssp_cv_lib = yes; then
+    LIBS="$LIBS -lssp"
+  fi
+])
+AC_DEFUN([GCC_STACK_PROTECT_CC],[
+  AC_LANG_ASSERT(C)
+  if test "X$CC" != "X"; then
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
+      ssp_cv_cc,
+      [ssp_old_cflags="$CFLAGS"
+       CFLAGS="$CFLAGS -fstack-protector -Werror"
+       AC_TRY_LINK(,, ssp_cv_cc=yes, ssp_cv_cc=no)
+       CFLAGS="$ssp_old_cflags"
+      ])
+    if test $ssp_cv_cc = yes; then
+      CFLAGS="$CFLAGS -fstack-protector"
+      AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+    fi
+  fi
+])
+AC_DEFUN([GCC_STACK_PROTECT_CXX],[
+  AC_LANG_ASSERT(C++)
+  if test "X$CXX" != "X"; then
+    AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
+      ssp_cv_cxx,
+      [ssp_old_cxxflags="$CXXFLAGS"
+       CXXFLAGS="$CXXFLAGS -fstack-protector -Werror"
+       AC_TRY_LINK(,, ssp_cv_cxx=yes, ssp_cv_cxx=no)
+       CXXFLAGS="$ssp_old_cxxflags"
+      ])
+    if test $ssp_cv_cxx = yes; then
+      CXXFLAGS="$CXXFLAGS -fstack-protector"
+      AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
+    fi
+  fi
+])
+AC_DEFUN([GCC_STACK_PROTECTOR],[
+  GCC_STACK_PROTECT_LIB
+  AC_LANG_PUSH([C])
+  GCC_STACK_PROTECT_CC
+  AC_LANG_POP([C])
+  AC_LANG_PUSH([C++])
+  GCC_STACK_PROTECT_CXX
+  AC_LANG_POP([C++])
+])
author	Guillaume Friloux <guillaume.friloux@gmail.com>	2013-12-12 09:11:33 +0100
committer	Guillaume Friloux <guillaume.friloux@gmail.com>	2013-12-12 09:11:33 +0100
commit	f82b668f7b80ada56cc57b79fbf6369aa239a66b (patch)
tree	57e7bef0c92b7b9aaa2078103d246c5b0529ff97
parent	be52045f38cae47545abf927fd0038cd5d5202f8 (diff)

diff --git a/m4/gcc_stack_protect.m4 b/m4/gcc_stack_protect.m4 new file mode 100644 index 0000000..a4bb2c9 --- /dev/null +++ b/m4/gcc_stack_protect.m4
@@ -0,0 +1,99 @@
	1	dnl
	2	dnl Useful macros for autoconf to check for ssp-patched gcc
	3	dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
	4	dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
	5	dnl * Stricter language checking (C or C++)
	6	dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
	7	dnl * Caches all results
	8	dnl * Uses macros to ensure correct ouput in quiet/silent mode
	9	dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
	10	dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
	11	dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
	12	dnl
	13	dnl About ssp:
	14	dnl GCC extension for protecting applications from stack-smashing attacks
	15	dnl http://www.research.ibm.com/trl/projects/security/ssp/
	16	dnl
	17	dnl Usage:
	18	dnl Most people will simply call GCC_STACK_PROTECTOR.
	19	dnl If you only use one of C or C++, you can save time by only calling the
	20	dnl macro appropriate for that language. In that case you should also call
	21	dnl GCC_STACK_PROTECT_LIB first.
	22	dnl
	23	dnl GCC_STACK_PROTECTOR
	24	dnl Tries to turn on stack protection for C and C++ by calling the following
	25	dnl three macros with the right languages.
	26	dnl
	27	dnl GCC_STACK_PROTECT_CC
	28	dnl checks -fstack-protector with the C compiler, if it exists then updates
	29	dnl CFLAGS and defines ENABLE_SSP_CC
	30	dnl
	31	dnl GCC_STACK_PROTECT_CXX
	32	dnl checks -fstack-protector with the C++ compiler, if it exists then updates
	33	dnl CXXFLAGS and defines ENABLE_SSP_CXX
	34	dnl
	35	dnl GCC_STACK_PROTECT_LIB
	36	dnl adds -lssp to LIBS if it is available
	37	dnl ssp is usually provided as part of libc, but was previously a separate lib
	38	dnl It does not hurt to add -lssp even if libc provides SSP - in that case
	39	dnl libssp will simply be ignored.
	40	dnl
	41
	42	AC_DEFUN([GCC_STACK_PROTECT_LIB],[
	43	AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
	44	[ssp_old_libs="$LIBS"
	45	LIBS="$LIBS -lssp"
	46	AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no)
	47	LIBS="$ssp_old_libs"
	48	])
	49	if test $ssp_cv_lib = yes; then
	50	LIBS="$LIBS -lssp"
	51	fi
	52	])
	53
	54	AC_DEFUN([GCC_STACK_PROTECT_CC],[
	55	AC_LANG_ASSERT(C)
	56	if test "X$CC" != "X"; then
	57	AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
	58	ssp_cv_cc,
	59	[ssp_old_cflags="$CFLAGS"
	60	CFLAGS="$CFLAGS -fstack-protector -Werror"
	61	AC_TRY_LINK(,, ssp_cv_cc=yes, ssp_cv_cc=no)
	62	CFLAGS="$ssp_old_cflags"
	63	])
	64	if test $ssp_cv_cc = yes; then
	65	CFLAGS="$CFLAGS -fstack-protector"
	66	AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
	67	fi
	68	fi
	69	])
	70
	71	AC_DEFUN([GCC_STACK_PROTECT_CXX],[
	72	AC_LANG_ASSERT(C++)
	73	if test "X$CXX" != "X"; then
	74	AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
	75	ssp_cv_cxx,
	76	[ssp_old_cxxflags="$CXXFLAGS"
	77	CXXFLAGS="$CXXFLAGS -fstack-protector -Werror"
	78	AC_TRY_LINK(,, ssp_cv_cxx=yes, ssp_cv_cxx=no)
	79	CXXFLAGS="$ssp_old_cxxflags"
	80	])
	81	if test $ssp_cv_cxx = yes; then
	82	CXXFLAGS="$CXXFLAGS -fstack-protector"
	83	AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
	84	fi
	85	fi
	86	])
	87
	88	AC_DEFUN([GCC_STACK_PROTECTOR],[
	89	GCC_STACK_PROTECT_LIB
	90
	91	AC_LANG_PUSH([C])
	92	GCC_STACK_PROTECT_CC
	93	AC_LANG_POP([C])
	94
	95	AC_LANG_PUSH([C++])
	96	GCC_STACK_PROTECT_CXX
	97	AC_LANG_POP([C++])
	98	])
	99