mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Add --enable-asan configure flag to enable address sanitizer
This commit is contained in:
Todd C. Miller
parent
9b3ef072f9
commit
3d0b0f061e
@ -923,6 +923,9 @@
|
||||
/* Define to 1 if you don't want sudo to prompt for a password by default. */
|
||||
#undef NO_AUTHENTICATION
|
||||
|
||||
/* Define to 1 if you want sudo to free up memory before exiting. */
|
||||
#undef NO_LEAKS
|
||||
|
||||
/* Define to 1 if you don't want users to get the lecture the first they user
|
||||
sudo. */
|
||||
#undef NO_LECTURE
|
||||
|
||||
126
configure
vendored
126
configure
vendored
@ -943,6 +943,7 @@ enable_warnings
|
||||
enable_werror
|
||||
enable_hardening
|
||||
enable_pie
|
||||
enable_asan
|
||||
enable_poll
|
||||
enable_admin_flag
|
||||
enable_nls
|
||||
@ -1617,6 +1618,7 @@ Optional Features:
|
||||
--disable-hardening Do not use compiler/linker exploit mitigation
|
||||
options
|
||||
--enable-pie Build sudo as a position independent executable.
|
||||
--enable-asan Build sudo with address sanitizer support.
|
||||
--disable-poll Use select() instead of poll().
|
||||
--enable-admin-flag Whether to create a Ubuntu-style admin flag file
|
||||
--disable-nls Disable natural language support using gettext
|
||||
@ -6112,6 +6114,12 @@ if test "${enable_pie+set}" = set; then :
|
||||
fi
|
||||
|
||||
|
||||
# Check whether --enable-asan was given.
|
||||
if test "${enable_asan+set}" = set; then :
|
||||
enableval=$enable_asan;
|
||||
fi
|
||||
|
||||
|
||||
# Check whether --enable-poll was given.
|
||||
if test "${enable_poll+set}" = set; then :
|
||||
enableval=$enable_poll;
|
||||
@ -23718,6 +23726,123 @@ $as_echo "$sudo_cv_var_hpux_ld_symbol_export" >&6; }
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$enable_asan" = "yes"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fsanitize=address,undefined" >&5
|
||||
$as_echo_n "checking whether C compiler accepts -fsanitize=address,undefined... " >&6; }
|
||||
if ${ax_cv_check_cflags___fsanitize_address_undefined+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
|
||||
ax_check_save_flags=$CFLAGS
|
||||
CFLAGS="$CFLAGS -fsanitize=address,undefined"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
ax_cv_check_cflags___fsanitize_address_undefined=yes
|
||||
else
|
||||
ax_cv_check_cflags___fsanitize_address_undefined=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
CFLAGS=$ax_check_save_flags
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fsanitize_address_undefined" >&5
|
||||
$as_echo "$ax_cv_check_cflags___fsanitize_address_undefined" >&6; }
|
||||
if test x"$ax_cv_check_cflags___fsanitize_address_undefined" = xyes; then :
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fsanitize=address,undefined" >&5
|
||||
$as_echo_n "checking whether the linker accepts -fsanitize=address,undefined... " >&6; }
|
||||
if ${ax_cv_check_ldflags___fsanitize_address_undefined+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
|
||||
ax_check_save_flags=$LDFLAGS
|
||||
LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
ax_cv_check_ldflags___fsanitize_address_undefined=yes
|
||||
else
|
||||
ax_cv_check_ldflags___fsanitize_address_undefined=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LDFLAGS=$ax_check_save_flags
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fsanitize_address_undefined" >&5
|
||||
$as_echo "$ax_cv_check_ldflags___fsanitize_address_undefined" >&6; }
|
||||
if test x"$ax_cv_check_ldflags___fsanitize_address_undefined" = xyes; then :
|
||||
|
||||
LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
|
||||
CFLAGS="$CFLAGS -fsanitize=address,undefined"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5
|
||||
$as_echo_n "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; }
|
||||
if ${ax_cv_check_cflags___fno_omit_frame_pointer+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
|
||||
ax_check_save_flags=$CFLAGS
|
||||
CFLAGS="$CFLAGS -fno-omit-frame-pointer"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
ax_cv_check_cflags___fno_omit_frame_pointer=yes
|
||||
else
|
||||
ax_cv_check_cflags___fno_omit_frame_pointer=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
CFLAGS=$ax_check_save_flags
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_omit_frame_pointer" >&5
|
||||
$as_echo "$ax_cv_check_cflags___fno_omit_frame_pointer" >&6; }
|
||||
if test x"$ax_cv_check_cflags___fno_omit_frame_pointer" = xyes; then :
|
||||
|
||||
CFLAGS="$CFLAGS -fno-omit-frame-pointer"
|
||||
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
$as_echo "#define NO_LEAKS 1" >>confdefs.h
|
||||
|
||||
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if test -n "$GCC"; then
|
||||
if test -z "$enable_pie"; then
|
||||
case "$host_os" in
|
||||
@ -26462,5 +26587,6 @@ fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
21
configure.ac
21
configure.ac
@ -1451,6 +1451,9 @@ AC_ARG_ENABLE(hardening,
|
||||
AC_ARG_ENABLE(pie,
|
||||
[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
|
||||
|
||||
AC_ARG_ENABLE(asan,
|
||||
[AS_HELP_STRING([--enable-asan], [Build sudo with address sanitizer support.])])
|
||||
|
||||
AC_ARG_ENABLE(poll,
|
||||
[AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])])
|
||||
|
||||
@ -3937,6 +3940,23 @@ EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl Check for -fsanitize=address,undefined support
|
||||
dnl This test relies on AC_LANG_WERROR
|
||||
dnl
|
||||
if test "$enable_asan" = "yes"; then
|
||||
AX_CHECK_COMPILE_FLAG([-fsanitize=address,undefined], [
|
||||
AX_CHECK_LINK_FLAG([-fsanitize=address,undefined], [
|
||||
LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
|
||||
CFLAGS="$CFLAGS -fsanitize=address,undefined"
|
||||
AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [
|
||||
CFLAGS="$CFLAGS -fno-omit-frame-pointer"
|
||||
])
|
||||
AC_DEFINE(NO_LEAKS)
|
||||
])
|
||||
])
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl Check for PIE executable support if using gcc.
|
||||
dnl This test relies on AC_LANG_WERROR
|
||||
@ -4294,6 +4314,7 @@ AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PA
|
||||
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
|
||||
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
|
||||
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
|
||||
AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.])
|
||||
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
|
||||
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
|
||||
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user