[01/12] Configury support for --enable-stack-protector.
Commit Message
From: Nick Alcock <nick.alcock@oracle.com>
This adds =all and =strong, with obvious semantics, and with a rather
arbitrarily-chosen default off, which we might well want to change to
something stronger once this patch has been tested by people other than
me.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCC's hacked
to pass in -fstack-protector by default.)
We might want to add another configuration option to turn on
-fstack-protector for nscd and other network-facing operations by
default, but for now I've stuck with one option to control everything.
---
configure.ac | 61 ++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 41 insertions(+), 20 deletions(-)
Comments
Nix <nix@esperi.org.uk> writes:
> +AC_ARG_ENABLE([stack-protector],
> + AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
> + [Detect stack overflows in glibc functions with large string buffers, or in all glibc functions]),
Please explain the meaning of the argument in the help string.
Andreas.
On 20 Feb 2016, Andreas Schwab spake thusly:
> Nix <nix@esperi.org.uk> writes:
>
>> +AC_ARG_ENABLE([stack-protector],
>> + AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
>> + [Detect stack overflows in glibc functions with large string buffers, or in all glibc functions]),
>
> Please explain the meaning of the argument in the help string.
It's... a bit much to explain the difference between
--stack-protector=yes/all/strong in a configure help string without
filling half the screen up with explanations, but I'll try!
Nix <nix@esperi.org.uk> writes:
> On 20 Feb 2016, Andreas Schwab spake thusly:
>
>> Nix <nix@esperi.org.uk> writes:
>>
>>> +AC_ARG_ENABLE([stack-protector],
>>> + AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
>>> + [Detect stack overflows in glibc functions with large string buffers, or in all glibc functions]),
>>
>> Please explain the meaning of the argument in the help string.
>
> It's... a bit much to explain the difference between
> --stack-protector=yes/all/strong in a configure help string without
> filling half the screen up with explanations, but I'll try!
It should just mention the connection to -fstack-protector.
Andreas.
Any patch adding a new configure option should also document it in
install.texi and regenerate INSTALL.
On 20 Feb 2016, Joseph Myers spake thusly:
> Any patch adding a new configure option should also document it in
> install.texi and regenerate INSTALL.
Thanks -- missed that. I'll add a new patch for that one, I think, and
add it to the next posting of the patch series: folding it into the
configury addition patch seems wrong.
@@ -232,6 +232,18 @@ AC_ARG_ENABLE([bind-now],
[bindnow=no])
AC_SUBST(bindnow)
+dnl Build glibc with -fstack-protector, -fstack-protector-all, or
+dnl -fstack-protector-strong.
+AC_ARG_ENABLE([stack-protector],
+ AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
+ [Detect stack overflows in glibc functions with large string buffers, or in all glibc functions]),
+ [enable_stack_protector=$enableval],
+ [enable_stack_protector=no])
+case x"$enable_stack_protector" in
+ xall|xyes|xno|xstrong) ;;
+ *) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector]);;
+esac
+
dnl On some platforms we cannot use dynamic loading. We must provide
dnl static NSS modules.
AC_ARG_ENABLE([static-nss],
@@ -602,6 +614,35 @@ fi
test -n "$base_machine" || base_machine=$machine
AC_SUBST(base_machine)
+AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
+ [libc_cv_ssp=yes],
+ [libc_cv_ssp=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
+ [libc_cv_ssp_strong=yes],
+ [libc_cv_ssp_strong=no])
+])
+
+AC_CACHE_CHECK(for -fstack-protector-all, libc_cv_ssp_all, [dnl
+LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-all],
+ [libc_cv_ssp_all=yes],
+ [libc_cv_ssp_all=no])
+])
+
+stack_protector=
+if test x$enable_stack_protector = xyes && test $libc_cv_ssp = yes; then
+ stack_protector=-fstack-protector
+elif test x$enable_stack_protector = xall && test $libc_cv_ssp_all = yes; then
+ stack_protector=-fstack-protector-all
+elif test x$enable_stack_protector = xstrong && test $libc_cv_ssp_strong = yes; then
+ stack_protector=-fstack-protector-strong
+fi
+AC_SUBST(libc_cv_ssp)
+AC_SUBST(stack_protector)
+
# For the multi-arch option we need support in the assembler & linker.
AC_CACHE_CHECK([for assembler and linker STT_GNU_IFUNC support],
libc_cv_ld_gnu_indirect_function, [dnl
@@ -1389,26 +1430,6 @@ else
fi
AC_SUBST(fno_unit_at_a_time)
-AC_CACHE_CHECK(for -fstack-protector, libc_cv_ssp, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector],
- [libc_cv_ssp=yes],
- [libc_cv_ssp=no])
-])
-
-AC_CACHE_CHECK(for -fstack-protector-strong, libc_cv_ssp_strong, [dnl
-LIBC_TRY_CC_OPTION([$CFLAGS $CPPFLAGS -Werror -fstack-protector-strong],
- [libc_cv_ssp_strong=yes],
- [libc_cv_ssp_strong=no])
-])
-
-stack_protector=
-if test "$libc_cv_ssp_strong" = "yes"; then
- stack_protector="-fstack-protector-strong"
-elif test "$libc_cv_ssp" = "yes"; then
- stack_protector="-fstack-protector"
-fi
-AC_SUBST(stack_protector)
-
AC_CACHE_CHECK(whether cc puts quotes around section names,
libc_cv_have_section_quotes,
[cat > conftest.c <<EOF