AC_*/AM_* macros for options

On 10/28/2013 05:05 PM, Jeffrey Walton wrote:
> > What are the canned macros to specify ASLR (-fPIE/-pie for a program;
> > -fPIC/-shared for shared objects), Fortified Sources
> > (-DFORTIFY_SOURCE), Stack Protector (-fstack-protector-all and --param
> > ssp-buffer-size), NX Stack (-Wl,-z,noexecstack), NX Heap
> > (-Wl,-z,noexecheap), GOT hardening (-Wl,-z,relro), PLT hardening
> > (-Wl,-z,now)?
> > 
> > Related: are there canned macros for warnings such as -Wall, -Wextra,
> > and -Wconversion?

Eric Blake replied:
> Autoconf itself does not provide any canned macro for these
> (gcc-specific) flags; but you may be interested in gnulib's manywarnings module.

I'd like to see autoconf portably *enable* compiler warnings by default (at least -Wall),
for at least gcc and llvm.  The compiler-probing mechanism could determine that
for common cases.  The earlier people see warnings, the more likely they are to
address them, and that would eliminate some security problems.

Ideally hardening options should be enabled by default
(at least -fPIE or -fpie so ASLR works, and probably others too), but I understand
why that's not automatic.  But if it's not enabled by default, autoconf
should come with a macro to detect and enable hardening options
for common compilers/linkers.  If it's easy to turn on, more people will do it.
That way, programs would be harder to attack.

Are there strong reasons these aren't already in autoconf?

--- David A. Wheeler

_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf
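
The kind of probe the message asks for can be sketched in plain shell, the language autoconf macros expand to. This is an added example, not autoconf code and not something posted in the thread; `probe_flags` is a hypothetical helper, and the candidate list is taken from the options quoted above.

```shell
#!/bin/sh
# Added sketch, not part of autoconf: keep only the hardening flags that the
# compiler and linker really accept. probe_flags is a hypothetical helper.

# probe_flags "CC" "FLAG GROUP"...  -> prints the accepted groups on one line.
# A group such as "-fPIE -pie" is tested (and kept or dropped) as a unit.
probe_flags() {
    cc=$1; shift
    tmp=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$tmp/t.c"

    # Unknown options are sometimes only warnings (for example GNU ld with
    # an unrecognised -z keyword), so make warnings fatal while probing.
    # Fall back if the linker does not know --fatal-warnings.
    strict="-Werror -Wl,--fatal-warnings"
    $cc $strict -o "$tmp/t" "$tmp/t.c" >/dev/null 2>&1 || strict="-Werror"

    accepted=
    for group in "$@"; do
        # Compile *and* link so that -pie and -Wl,... are exercised too.
        if $cc $strict $group -o "$tmp/t" "$tmp/t.c" >/dev/null 2>&1; then
            accepted="$accepted${accepted:+ }$group"
        fi
    done
    rm -rf "$tmp"
    printf '%s\n' "$accepted"
}

# Candidates are the options named in the thread; CC defaults to "cc".
HARDEN_FLAGS=$(probe_flags "${CC:-cc}" \
    "-fPIE -pie" \
    "-fstack-protector-all" \
    "-Wl,-z,noexecstack" \
    "-Wl,-z,noexecheap" \
    "-Wl,-z,relro" \
    "-Wl,-z,now")
echo "accepted hardening flags: ${HARDEN_FLAGS:-none}"
```

In a real `configure.ac` the same compile-and-link test would be written with `AC_LINK_IFELSE`, with the accepted flags appended to `CFLAGS` and `LDFLAGS`.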



