summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-07-14 17:43:50 +0200
committerChristian Grothoff <christian@grothoff.org>2015-07-14 17:43:50 +0200
commit4d4319b84a92d56a1871f7507de34137fb644fb0 (patch)
tree7a25965d12ffb2ad2a59cf9dde3d4ed826736f7c /configure.ac
parent7b6c4a061f714dca55144349fa5125c3d33dfaca (diff)
downloadexchange-4d4319b84a92d56a1871f7507de34137fb644fb0.tar.gz
exchange-4d4319b84a92d56a1871f7507de34137fb644fb0.tar.bz2
exchange-4d4319b84a92d56a1871f7507de34137fb644fb0.zip
-off by 1
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac22
1 files changed, 22 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 2ead756d..f48835df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -236,6 +236,28 @@ AS_IF([test "x$enableval" = "xno"], [enable_dev=0])
AC_DEFINE_UNQUOTED([HAVE_DEVELOPER],[$enable_dev],[1 if developer logic is enabled, 0 otherwise])
+
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+ LDFLAGS="$LDFLAGS -pie"
+fi])
+
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+ AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[if test x$enableval = xyes; then
+ LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+
# logging
extra_logging=0
AC_ARG_ENABLE([logging],