mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-31 14:25:15 +00:00
When checking for stack protector support we need to actually link
the test program.
This commit is contained in:
Todd C. Miller
46
configure
vendored
46
configure
vendored
@@ -23922,11 +23922,17 @@ if ${sudo_cv_var_stack_protector+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
|
||||
sudo_cv_var_stack_protector=no
|
||||
# Avoid using CFLAGS since the compiler might optimize away our
|
||||
# test. We don't want LIBS to interfere with the test but keep
|
||||
# LDFLAGS as it may have an rpath needed to find the ssp lib.
|
||||
_CFLAGS="$CFLAGS"
|
||||
_LDFLAGS="$LDFLAGS"
|
||||
CFLAGS="-fstack-protector-strong"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector-strong"
|
||||
_LIBS="$LIBS"
|
||||
LIBS=
|
||||
|
||||
sudo_cv_var_stack_protector="-fstack-protector-strong"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
@@ -23940,14 +23946,13 @@ char buf[1024]; buf[1023] = '\0';
|
||||
}
|
||||
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
|
||||
sudo_cv_var_stack_protector="-fstack-protector-strong"
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
|
||||
else
|
||||
|
||||
CFLAGS="-fstack-protector-all"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector-all"
|
||||
sudo_cv_var_stack_protector="-fstack-protector-all"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
@@ -23961,14 +23966,13 @@ char buf[1024]; buf[1023] = '\0';
|
||||
}
|
||||
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
|
||||
sudo_cv_var_stack_protector="-fstack-protector-all"
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
|
||||
else
|
||||
|
||||
CFLAGS="-fstack-protector"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector"
|
||||
sudo_cv_var_stack_protector="-fstack-protector"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
@@ -23982,20 +23986,26 @@ char buf[1024]; buf[1023] = '\0';
|
||||
}
|
||||
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
|
||||
sudo_cv_var_stack_protector="-fstack-protector"
|
||||
else
|
||||
|
||||
sudo_cv_var_stack_protector=no
|
||||
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
CFLAGS="$_CFLAGS"
|
||||
LDFLAGS="$_LDFLAGS"
|
||||
LIBS="$_LIBS"
|
||||
|
||||
|
||||
fi
|
||||
|
||||
43
configure.ac
43
configure.ac
@@ -3981,37 +3981,42 @@ if test "$enable_hardening" != "no"; then
|
||||
AC_CACHE_CHECK([for compiler stack protector support],
|
||||
[sudo_cv_var_stack_protector],
|
||||
[
|
||||
sudo_cv_var_stack_protector=no
|
||||
# Avoid using CFLAGS since the compiler might optimize away our
|
||||
# test. We don't want LIBS to interfere with the test but keep
|
||||
# LDFLAGS as it may have an rpath needed to find the ssp lib.
|
||||
_CFLAGS="$CFLAGS"
|
||||
_LDFLAGS="$LDFLAGS"
|
||||
CFLAGS="-fstack-protector-strong"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector-strong"
|
||||
AC_COMPILE_IFELSE([
|
||||
_LIBS="$LIBS"
|
||||
LIBS=
|
||||
|
||||
sudo_cv_var_stack_protector="-fstack-protector-strong"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
AC_LINK_IFELSE([
|
||||
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
|
||||
[[char buf[1024]; buf[1023] = '\0';]])
|
||||
], [
|
||||
sudo_cv_var_stack_protector="-fstack-protector-strong"
|
||||
], [
|
||||
CFLAGS="-fstack-protector-all"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector-all"
|
||||
AC_COMPILE_IFELSE([
|
||||
], [], [
|
||||
sudo_cv_var_stack_protector="-fstack-protector-all"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
AC_LINK_IFELSE([
|
||||
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
|
||||
[[char buf[1024]; buf[1023] = '\0';]])
|
||||
], [
|
||||
sudo_cv_var_stack_protector="-fstack-protector-all"
|
||||
], [
|
||||
CFLAGS="-fstack-protector"
|
||||
LDFLAGS="$_LDFLAGS -fstack-protector"
|
||||
AC_COMPILE_IFELSE([
|
||||
], [], [
|
||||
sudo_cv_var_stack_protector="-fstack-protector"
|
||||
CFLAGS="$sudo_cv_var_stack_protector"
|
||||
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
|
||||
AC_LINK_IFELSE([
|
||||
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
|
||||
[[char buf[1024]; buf[1023] = '\0';]])
|
||||
], [
|
||||
sudo_cv_var_stack_protector="-fstack-protector"
|
||||
], [])
|
||||
], [], [
|
||||
sudo_cv_var_stack_protector=no
|
||||
])
|
||||
])
|
||||
])
|
||||
CFLAGS="$_CFLAGS"
|
||||
LDFLAGS="$_LDFLAGS"
|
||||
LIBS="$_LIBS"
|
||||
]
|
||||
)
|
||||
if test X"$sudo_cv_var_stack_protector" != X"no"; then
|
||||
|
||||
Reference in New Issue
Block a user