summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuillaume Friloux <guillaume.friloux@gmail.com>2013-12-12 09:11:33 +0100
committerGuillaume Friloux <guillaume.friloux@gmail.com>2013-12-12 09:11:33 +0100
commitf82b668f7b80ada56cc57b79fbf6369aa239a66b (patch)
tree57e7bef0c92b7b9aaa2078103d246c5b0529ff97
parentbe52045f38cae47545abf927fd0038cd5d5202f8 (diff)
Add stack protect
-rw-r--r--m4/gcc_stack_protect.m499
1 files changed, 99 insertions, 0 deletions
diff --git a/m4/gcc_stack_protect.m4 b/m4/gcc_stack_protect.m4
new file mode 100644
index 0000000..a4bb2c9
--- /dev/null
+++ b/m4/gcc_stack_protect.m4
@@ -0,0 +1,99 @@
1dnl
2dnl Useful macros for autoconf to check for ssp-patched gcc
3dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
4dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
5dnl * Stricter language checking (C or C++)
6dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
7dnl * Caches all results
8dnl * Uses macros to ensure correct ouput in quiet/silent mode
9dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
10dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
11dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
12dnl
13dnl About ssp:
14dnl GCC extension for protecting applications from stack-smashing attacks
15dnl http://www.research.ibm.com/trl/projects/security/ssp/
16dnl
17dnl Usage:
18dnl Most people will simply call GCC_STACK_PROTECTOR.
19dnl If you only use one of C or C++, you can save time by only calling the
20dnl macro appropriate for that language. In that case you should also call
21dnl GCC_STACK_PROTECT_LIB first.
22dnl
23dnl GCC_STACK_PROTECTOR
24dnl Tries to turn on stack protection for C and C++ by calling the following
25dnl three macros with the right languages.
26dnl
27dnl GCC_STACK_PROTECT_CC
28dnl checks -fstack-protector with the C compiler, if it exists then updates
29dnl CFLAGS and defines ENABLE_SSP_CC
30dnl
31dnl GCC_STACK_PROTECT_CXX
32dnl checks -fstack-protector with the C++ compiler, if it exists then updates
33dnl CXXFLAGS and defines ENABLE_SSP_CXX
34dnl
35dnl GCC_STACK_PROTECT_LIB
36dnl adds -lssp to LIBS if it is available
37dnl ssp is usually provided as part of libc, but was previously a separate lib
38dnl It does not hurt to add -lssp even if libc provides SSP - in that case
39dnl libssp will simply be ignored.
40dnl
41
42AC_DEFUN([GCC_STACK_PROTECT_LIB],[
43 AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
44 [ssp_old_libs="$LIBS"
45 LIBS="$LIBS -lssp"
46 AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no)
47 LIBS="$ssp_old_libs"
48 ])
49 if test $ssp_cv_lib = yes; then
50 LIBS="$LIBS -lssp"
51 fi
52])
53
54AC_DEFUN([GCC_STACK_PROTECT_CC],[
55 AC_LANG_ASSERT(C)
56 if test "X$CC" != "X"; then
57 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
58 ssp_cv_cc,
59 [ssp_old_cflags="$CFLAGS"
60 CFLAGS="$CFLAGS -fstack-protector -Werror"
61 AC_TRY_LINK(,, ssp_cv_cc=yes, ssp_cv_cc=no)
62 CFLAGS="$ssp_old_cflags"
63 ])
64 if test $ssp_cv_cc = yes; then
65 CFLAGS="$CFLAGS -fstack-protector"
66 AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
67 fi
68 fi
69])
70
71AC_DEFUN([GCC_STACK_PROTECT_CXX],[
72 AC_LANG_ASSERT(C++)
73 if test "X$CXX" != "X"; then
74 AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
75 ssp_cv_cxx,
76 [ssp_old_cxxflags="$CXXFLAGS"
77 CXXFLAGS="$CXXFLAGS -fstack-protector -Werror"
78 AC_TRY_LINK(,, ssp_cv_cxx=yes, ssp_cv_cxx=no)
79 CXXFLAGS="$ssp_old_cxxflags"
80 ])
81 if test $ssp_cv_cxx = yes; then
82 CXXFLAGS="$CXXFLAGS -fstack-protector"
83 AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
84 fi
85 fi
86])
87
88AC_DEFUN([GCC_STACK_PROTECTOR],[
89 GCC_STACK_PROTECT_LIB
90
91 AC_LANG_PUSH([C])
92 GCC_STACK_PROTECT_CC
93 AC_LANG_POP([C])
94
95 AC_LANG_PUSH([C++])
96 GCC_STACK_PROTECT_CXX
97 AC_LANG_POP([C++])
98])
99