Browse Source

build: Add GCC stack-protector/SSP to default flag set

* configure.ac: Add GCC SSP / -fstack-protector-strong to default flag
  set, when available, as part of defence in depth. At least some
  distros already use SSP by default and it can detect buffer overflows
  above a certain size.
Paul Jakma 5 years ago
parent
commit
40fc3dda2b
1 changed files with 1 additions and 0 deletions
  1. 1 0
      configure.ac

+ 1 - 0
configure.ac

@@ -150,6 +150,7 @@ if test "x${cflags_specified}" = "x" ; then
         AC_C_FLAG([-Os], [
           AC_C_FLAG([-O2])
         ])
+        AC_C_FLAG([-fstack-protector-strong])
         AC_C_FLAG([-fpie])
         AC_C_FLAG([-fno-omit-frame-pointer])
         AC_C_FLAG([-Wall])