Permalink
Browse files

environment/configure/hardening.sh: enable -fstack-clash-protection

This flag will make GCC 8 touch all space allocated using alloca(3)
and thus detect code jumping over the "stack gap".
  • Loading branch information...
chneukirchen committed Jan 11, 2019
1 parent 9ecfc32 commit 6b81302e380aaf6688982b932a4efff7c642a7f5
Showing with 2 additions and 2 deletions.
  1. +2 −2 common/environment/configure/hardening.sh
@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
else
# Enable FORITFY_SOURCE=2
CFLAGS="-D_FORTIFY_SOURCE=2 ${CFLAGS}"
CXXFLAGS="-D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
fi
else

1 comment on commit 6b81302

@pullmoll

This comment has been minimized.

Copy link
Member

pullmoll commented on 6b81302 Jan 11, 2019

👍 restarted yet another build from scratch with this flag now.

Please sign in to comment.