Ticket #105: gcc_stack_protect.m4
| File gcc_stack_protect.m4, 3.1 kB (added by tedp, 2 years ago) |
|---|
| Line | |
|---|---|
| 1 | dnl |
| 2 | dnl Useful macros for autoconf to check for ssp-patched gcc |
| 3 | dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org> |
| 4 | dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net> |
| 5 | dnl * Stricter language checking (C or C++) |
| 6 | dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary |
| 7 | dnl * Caches all results |
| 8 | dnl * Uses macros to ensure correct ouput in quiet/silent mode |
| 9 | dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net> |
| 10 | dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation |
| 11 | dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS |
| 12 | dnl |
| 13 | dnl About ssp: |
| 14 | dnl GCC extension for protecting applications from stack-smashing attacks |
| 15 | dnl http://www.research.ibm.com/trl/projects/security/ssp/ |
| 16 | dnl |
| 17 | dnl Usage: |
| 18 | dnl Most people will simply call GCC_STACK_PROTECTOR. |
| 19 | dnl If you only use one of C or C++, you can save time by only calling the |
| 20 | dnl macro appropriate for that language. In that case you should also call |
| 21 | dnl GCC_STACK_PROTECT_LIB first. |
| 22 | dnl |
| 23 | dnl GCC_STACK_PROTECTOR |
| 24 | dnl Tries to turn on stack protection for C and C++ by calling the following |
| 25 | dnl three macros with the right languages. |
| 26 | dnl |
| 27 | dnl GCC_STACK_PROTECT_CC |
| 28 | dnl checks -fstack-protector with the C compiler, if it exists then updates |
| 29 | dnl CFLAGS and defines ENABLE_SSP_CC |
| 30 | dnl |
| 31 | dnl GCC_STACK_PROTECT_CXX |
| 32 | dnl checks -fstack-protector with the C++ compiler, if it exists then updates |
| 33 | dnl CXXFLAGS and defines ENABLE_SSP_CXX |
| 34 | dnl |
| 35 | dnl GCC_STACK_PROTECT_LIB |
| 36 | dnl adds -lssp to LIBS if it is available |
| 37 | dnl ssp is usually provided as part of libc, but was previously a separate lib |
| 38 | dnl It does not hurt to add -lssp even if libc provides SSP - in that case |
| 39 | dnl libssp will simply be ignored. |
| 40 | dnl |
| 41 | |
| 42 | AC_DEFUN([GCC_STACK_PROTECT_LIB],[ |
| 43 | AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib, |
| 44 | [ssp_old_libs="$LIBS" |
| 45 | LIBS="$LIBS -lssp" |
| 46 | AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no) |
| 47 | LIBS="$ssp_old_libs" |
| 48 | ]) |
| 49 | if test $ssp_cv_lib = yes; then |
| 50 | LIBS="$LIBS -lssp" |
| 51 | fi |
| 52 | ]) |
| 53 | |
| 54 | AC_DEFUN([GCC_STACK_PROTECT_CC],[ |
| 55 | AC_LANG_ASSERT(C) |
| 56 | if test "X$CC" != "X"; then |
| 57 | AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], |
| 58 | ssp_cv_cc, |
| 59 | [ssp_old_cflags="$CFLAGS" |
| 60 | CFLAGS="$CFLAGS -fstack-protector" |
| 61 | AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) |
| 62 | CFLAGS="$ssp_old_cflags" |
| 63 | ]) |
| 64 | if test $ssp_cv_cc = yes; then |
| 65 | CFLAGS="$CFLAGS -fstack-protector" |
| 66 | AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) |
| 67 | fi |
| 68 | fi |
| 69 | ]) |
| 70 | |
| 71 | AC_DEFUN([GCC_STACK_PROTECT_CXX],[ |
| 72 | AC_LANG_ASSERT(C++) |
| 73 | if test "X$CXX" != "X"; then |
| 74 | AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector], |
| 75 | ssp_cv_cxx, |
| 76 | [ssp_old_cxxflags="$CXXFLAGS" |
| 77 | CXXFLAGS="$CXXFLAGS -fstack-protector" |
| 78 | AC_TRY_COMPILE(,, ssp_cv_cxx=yes, ssp_cv_cxx=no) |
| 79 | CXXFLAGS="$ssp_old_cxxflags" |
| 80 | ]) |
| 81 | if test $ssp_cv_cxx = yes; then |
| 82 | CXXFLAGS="$CXXFLAGS -fstack-protector" |
| 83 | AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.]) |
| 84 | fi |
| 85 | fi |
| 86 | ]) |
| 87 | |
| 88 | AC_DEFUN([GCC_STACK_PROTECTOR],[ |
| 89 | GCC_STACK_PROTECT_LIB |
| 90 | |
| 91 | AC_LANG_PUSH([C]) |
| 92 | GCC_STACK_PROTECT_CC |
| 93 | AC_LANG_POP([C]) |
| 94 | |
| 95 | AC_LANG_PUSH([C++]) |
| 96 | GCC_STACK_PROTECT_CXX |
| 97 | AC_LANG_POP([C++]) |
| 98 | ]) |
| 99 |
