aboutsummaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-10-19 13:07:28 -0400
committerMike Frysinger <vapier@gentoo.org>2015-10-19 15:36:48 -0400
commit6ab674ebff5e60c62b126d0ac2e774e581916afe (patch)
tree72e72448b982e3715630f091e3be4612244f6589 /configure.ac
parentcf6d542db3dfe26402b6adaa740a578b54767f65 (diff)
downloadglibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.zip
glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.tar.gz
glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.tar.bz2
use -fstack-protector-strong when available
With gcc-4.9, a new -fstack-protector-strong flag is available that is between -fstack-protector (pretty weak) and -fstack-protector-all (pretty strong) that provides good trade-offs between overhead but still providing good coverage. Update the places in glibc that use ssp to use this flag when it's available. This also kills off the indirection of hardcoding the flag name in the Makefiles and adding it based on a have-ssp boolean. Instead, the build always expands the $(stack-protector) variable to the best ssp setting. This makes the build logic a bit simpler and allows people to easily set to a diff flag like: make stack-protector=-fstack-protector-all
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac15
1 files changed, 14 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index eba7a15..e6cab9c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1503,7 +1503,20 @@ LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
[libc_cv_ssp=yes],
[libc_cv_ssp=no])
])
-AC_SUBST(libc_cv_ssp)
+
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
+ [libc_cv_ssp_strong=yes],
+ [libc_cv_ssp_strong=no])
+])
+
+stack_protector=
+if test "$libc_cv_ssp_strong" = "yes"; then
+ stack_protector="-fstack-protector-strong"
+elif test "$libc_cv_ssp" = "yes"; then
+ stack_protector="-fstack-protector"
+fi
+AC_SUBST(stack_protector)
AC_CACHE_CHECK(whether cc puts quotes around section names,
libc_cv_have_section_quotes,