mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 14:55:12 +00:00
Code Issues Releases Wiki Activity

When checking for stack protector support we need to actually link

Browse Source 
the test program.
This commit is contained in:
Todd C. Miller
2015-10-30 08:49:22 -06:00
parent b87ac0f0a2
commit 448f7f25f2
2 changed files with 52 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
configure vendored
View File

@@ -23922,11 +23922,17 @@ if ${sudo_cv_var_stack_protector+:} false; then :
$as_echo_n "(cached) " >&6 $as_echo_n "(cached) " >&6
else else
sudo_cv_var_stack_protector=no # Avoid using CFLAGS since the compiler might optimize away our
# test. We don't want LIBS to interfere with the test but keep
# LDFLAGS as it may have an rpath needed to find the ssp lib.
_CFLAGS="$CFLAGS" _CFLAGS="$CFLAGS"
_LDFLAGS="$LDFLAGS" _LDFLAGS="$LDFLAGS"
CFLAGS="-fstack-protector-strong" _LIBS="$LIBS"
LDFLAGS="$_LDFLAGS -fstack-protector-strong" LIBS=
sudo_cv_var_stack_protector="-fstack-protector-strong"
CFLAGS="$sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */ /* end confdefs.h. */
@@ -23940,14 +23946,13 @@ char buf[1024]; buf[1023] = '\0';
} }
_ACEOF _ACEOF
if ac_fn_c_try_compile "$LINENO"; then : if ac_fn_c_try_link "$LINENO"; then :
sudo_cv_var_stack_protector="-fstack-protector-strong"
else else
CFLAGS="-fstack-protector-all" sudo_cv_var_stack_protector="-fstack-protector-all"
LDFLAGS="$_LDFLAGS -fstack-protector-all" CFLAGS="$sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */ /* end confdefs.h. */
@@ -23961,14 +23966,13 @@ char buf[1024]; buf[1023] = '\0';
} }
_ACEOF _ACEOF
if ac_fn_c_try_compile "$LINENO"; then : if ac_fn_c_try_link "$LINENO"; then :
sudo_cv_var_stack_protector="-fstack-protector-all"
else else
CFLAGS="-fstack-protector" sudo_cv_var_stack_protector="-fstack-protector"
LDFLAGS="$_LDFLAGS -fstack-protector" CFLAGS="$sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */ /* end confdefs.h. */
@@ -23982,20 +23986,26 @@ char buf[1024]; buf[1023] = '\0';
} }
_ACEOF _ACEOF
if ac_fn_c_try_compile "$LINENO"; then : if ac_fn_c_try_link "$LINENO"; then :
sudo_cv_var_stack_protector="-fstack-protector" else
sudo_cv_var_stack_protector=no
fi fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS="$_CFLAGS" CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS" LDFLAGS="$_LDFLAGS"
LIBS="$_LIBS"
fi fi

43
configure.ac
View File

@@ -3981,37 +3981,42 @@ if test "$enable_hardening" != "no"; then
AC_CACHE_CHECK([for compiler stack protector support], AC_CACHE_CHECK([for compiler stack protector support],
[sudo_cv_var_stack_protector], [sudo_cv_var_stack_protector],
[ [
sudo_cv_var_stack_protector=no # Avoid using CFLAGS since the compiler might optimize away our
# test. We don't want LIBS to interfere with the test but keep
# LDFLAGS as it may have an rpath needed to find the ssp lib.
_CFLAGS="$CFLAGS" _CFLAGS="$CFLAGS"
_LDFLAGS="$LDFLAGS" _LDFLAGS="$LDFLAGS"
CFLAGS="-fstack-protector-strong" _LIBS="$LIBS"
LDFLAGS="$_LDFLAGS -fstack-protector-strong" LIBS=
AC_COMPILE_IFELSE([
sudo_cv_var_stack_protector="-fstack-protector-strong"
CFLAGS="$sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
AC_LINK_IFELSE([
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
[[char buf[1024]; buf[1023] = '\0';]]) [[char buf[1024]; buf[1023] = '\0';]])
], [ ], [], [
sudo_cv_var_stack_protector="-fstack-protector-strong" sudo_cv_var_stack_protector="-fstack-protector-all"
], [ CFLAGS="$sudo_cv_var_stack_protector"
CFLAGS="-fstack-protector-all" LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS -fstack-protector-all" AC_LINK_IFELSE([
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
[[char buf[1024]; buf[1023] = '\0';]]) [[char buf[1024]; buf[1023] = '\0';]])
], [ ], [], [
sudo_cv_var_stack_protector="-fstack-protector-all" sudo_cv_var_stack_protector="-fstack-protector"
], [ CFLAGS="$sudo_cv_var_stack_protector"
CFLAGS="-fstack-protector" LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
LDFLAGS="$_LDFLAGS -fstack-protector" AC_LINK_IFELSE([
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
[[char buf[1024]; buf[1023] = '\0';]]) [[char buf[1024]; buf[1023] = '\0';]])
], [ ], [], [
sudo_cv_var_stack_protector="-fstack-protector" sudo_cv_var_stack_protector=no
], []) ])
]) ])
]) ])
CFLAGS="$_CFLAGS" CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS" LDFLAGS="$_LDFLAGS"
LIBS="$_LIBS"
] ]
) )
if test X"$sudo_cv_var_stack_protector" != X"no"; then if test X"$sudo_cv_var_stack_protector" != X"no"; then