Add new compiler hardening flags.
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of compiler hardening flags that configure checks for. These are supported by clang and gcc, and make ROP gadgets less useful and mitigate stack-based infoleaks respectively. ok djm@
parent
bf944e3794
commit
39f2111b1d
@ -190,6 +190,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
# actually links. The test program compiled/linked includes a number
# of integer operations that should exercise this.
OSSH_CHECK_CFLAG_LINK([-ftrapv])
OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all])
OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
fi
AC_MSG_CHECKING([gcc version])
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
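Review bot: the two added checks use OSSH_CHECK_CFLAG_COMPILE, so they only establish that the compiler accepts -fzero-call-used-regs=all and -ftrivial-auto-var-init=zero, while the -ftrapv line directly above uses OSSH_CHECK_CFLAG_LINK precisely because, per its comment, the flag has to be shown to actually link. Both new flags change code generation for every function, so a compile-only probe will not catch a toolchain that accepts the option but produces a broken binary; either use a link (or run) test here as well, or add a comment saying why compile-only is sufficient. Separately, the new lines sit under the comment that explains the -ftrapv test and have none of their own: a blank line and a one-line comment per flag (ROP gadget reduction for -fzero-call-used-regs, stack infoleak mitigation for -ftrivial-auto-var-init, as stated in the commit message) would keep them from reading as part of the -ftrapv explanation.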