tomcharnock/void-packages
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

environment/configure/hardening.sh: enable -fstack-clash-protection

Browse Source 
This flag will make GCC 8 touch all space allocated using alloca(3)
and thus detect code jumping over the "stack gap".
This commit is contained in:
Leah Neukirchen
2019-01-11 16:10:07 +01:00
parent 9ecfc32a1d
commit 6b81302e38
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/environment/configure/hardening.sh
View File

@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}" LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
else else
# Enable FORITFY_SOURCE=2 # Enable FORITFY_SOURCE=2
CFLAGS="-D_FORTIFY_SOURCE=2 ${CFLAGS}" CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
CXXFLAGS="-D_FORTIFY_SOURCE=2 ${CXXFLAGS}" CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}" LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
fi fi
else else