[8/12] New configure option --enable-espf=(all|ssp|pie|no)

Message ID 2211926.goxegFn7jX@laptop1.gw.ume.nu
State New

Commit Message

Magnus Granberg Sept. 10, 2012, 11:37 p.m. UTC
On Friday, 07 September 2012, 18.41.29, Joseph S. Myers wrote:
> On Fri, 7 Sep 2012, Magnus Granberg wrote:
> > +NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}is
> 
> @emph{Note:} (existing style).  @option{--enable-espf....}.
> 
> > +this option enabled by default for C, C++, ObjC, ObjC++.
> > +To disable, use @option{-Wformat=0}.
> 
> -Wno-format rather than -Wformat=0.
> 
> The same comments apply several times in the patch.
> 
> > +@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
> 
> @option{-static} (missing '-').  Likewise elsewhere in the patch.

Have updated the patch.
Thank you for the hints.

Gentoo Hardened Project
Magnus Granberg

Patch

--- a/gcc/doc/invoke.texi	2012-03-01 10:57:59.000000000 +0100
+++ b/gcc/doc/invoke.texi	2012-07-30 00:57:03.766847851 +0200
@@ -3216,6 +3216,11 @@  aspects of format checking, the options
 @option{-Wformat-nonliteral}, @option{-Wformat-security}, and
 @option{-Wformat=2} are available, but are not included in @option{-Wall}.
 
+@emph{Note:} (existing style).
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}}this option is
+enabled by default for C, C++, ObjC, ObjC++. To disable, use
+@option{-Wno-format}.
+
 @item -Wformat-y2k
 @opindex Wformat-y2k
 @opindex Wno-format-y2k
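Review bot: the first added line reads "@emph{Note:} (existing style)."; the words "(existing style)" are the reviewer's remark from the previous round, not manual text, and should be dropped so the paragraph starts "@emph{Note:} With ...". On the next line there is no space between the closing "}}" of the @option and "this option is", so the two run together in the rendered manual.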
@@ -3269,6 +3273,13 @@  currently a subset of what @option{-Wfor
 in future warnings may be added to @option{-Wformat-security} that are not
 included in @option{-Wformat-nonliteral}.)
 
+@emph{Note:} (existing style).
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}}this option is
+enabled by default for C, C++, ObjC, ObjC++.  To disable, use 
+@option{-Wno-format-security}, or disable all format warnings
+with @option{-Wno-format}.  To make format security warnings fatal,
+specify @option{-Werror=format-security}.
+
 @item -Wformat=2
 @opindex Wformat=2
 @opindex Wno-format=2
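Review bot: the added paragraph again carries the literal "(existing style)" after "@emph{Note:}" and lacks a space between "}}" and "this option is"; both need fixing here as well. The third added line ends in trailing whitespace after "use". The header's new-side start of 3273 also does not follow from the previous hunk, which adds five lines (3269 + 5 = 3274), so the diff looks hand-edited and should be regenerated from the tree.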
@@ -6229,6 +6239,14 @@  also turns on the following optimization
 Please note the warning under @option{-fgcse} about
 invoking @option{-O2} on programs that use computed gotos.
 
+@emph{Note:} (existing style).
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}},
+@option{-D_FORTIFY_SOURCE=2} is set by default, and is activated 
+when @option{-O} is set to 2 or higher. This enables additional 
+compile-time and run-time checks for several libc functions.
+To disable, specify either @option{-U_FORTIFY_SOURCE} or
+@option{-D_FORTIFY_SOURCE=0}.
+
 @item -O3
 @opindex O3
 Optimize yet more.  @option{-O3} turns on all optimizations specified
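Review bot: "is set by default, and is activated when @option{-O} is set to 2 or higher" does not say whether the macro is defined at every optimization level and only takes effect from -O2, or is defined only from -O2 onward; users who build at -O1 or -Os need to know which checks they actually get, so please state it explicitly. The note sits only under the -O2 item, so someone reading -O3 or -Os will not find it; a cross-reference from those items would help. "(existing style)" should be removed from the first added line, and two added lines end in trailing whitespace.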
@@ -8475,6 +8492,13 @@  functions with buffers larger than 8 byt
 when a function is entered and then checked when the function exits.
 If a guard check fails, an error message is printed and the program exits.
 
+@emph{Note:} (existing style). 
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option
+is enabled by default for C, C++, ObjC, ObjC++, if none of 
+@option{-fno-stack-protector}, @option{-nostdlib}, 
+@option{-fno-stack-protector-all}, @option{nodefaultlibs}, 
+nor @option{-ffreestanding} are found.
+
 @item -fstack-protector-all
 @opindex fstack-protector-all
 Like @option{-fstack-protector} except that all functions are protected.
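Review bot: "@option{nodefaultlibs}" in the exclusion list is missing its leading "-", the same slip that was pointed out for -static in the previous round. The value list "[all|ssp|pie]" also disagrees with the install.texi hunk of this patch, which says "pie" turns on only -fPIE and -pie; for the stack protector note the list should presumably be "[all|ssp]". "(existing style)" should be dropped from the first added line.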
@@ -9457,6 +9480,13 @@  For predictable results, you must also s
 that were used to generate code (@option{-fpie}, @option{-fPIE},
 or model suboptions) when you specify this option.
 
+@emph{Note:} (existing style). 
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is
+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
+@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
+@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
+@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found.
+
 @item -rdynamic
 @opindex rdynamic
 Pass the flag @option{-export-dynamic} to the ELF linker, on targets
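Review bot: the value list "[all|ssp|pie]" in this note under -pie includes "ssp", but the install.texi hunk of this patch says "ssp" turns on only stack protection, so a reader would wrongly conclude that an ssp-only compiler links PIE by default; it should presumably read "[all|pie]". "(existing style)" should be removed from the first added line.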
@@ -19125,6 +19154,13 @@  used during linking.
 @code{__pie__} and @code{__PIE__}.  The macros have the value 1
 for @option{-fpie} and 2 for @option{-fPIE}.
 
+@emph{Note:} (existing style). 
+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is
+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
+@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
+@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
+@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found.
+
 @item -fno-jump-tables
 @opindex fno-jump-tables
 Do not use jump tables for switch statements even where it would be
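Review bot: "this option is enabled by default" is ambiguous in this position, because the item documents both -fpie and -fPIE and the context lines just above say the predefined macros differ between them (1 versus 2). The install.texi hunk says the default is -fPIE, so name it here. The paragraph is otherwise a verbatim copy of the one under -pie, including the "[all|ssp|pie]" list that should not contain "ssp" and the stray "(existing style)".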
--- a/gcc/doc/install.texi	2012-03-02 10:37:30.000000000 +0100
+++ b/gcc/doc/install.texi	2012-07-23 18:05:14.160784593 +0200
@@ -1392,6 +1392,18 @@  do a @samp{make -C gcc gnatlib_and_tools
 Specify that the run-time libraries for stack smashing protection
 should not be built.
 
+@item --enable-espf=@var{list}
+Will turn on some compiler and preprosessor options as default.
+@option{-D_FORTIFY_SOURCE=2}, @option{-Wformat} and 
+@option{-Wformat-security} will be turn on as default and depend on
+if you use @samp{all} it will turn on @option{-fstack-protection}and
+@option{-fPIE} and @option{-pie} by default. if the support is there. If you
+use @samp{ssp} it will turn on @option{-fstack-protection} by default if the
+support is there. If you use @samp{pie} it will turn on @option{-fPIE} and
+@option{-pie} by default if the support is there. If you use @samp{no} it will
+not turn on any options. We only support i?86*-*-linux* and
+x86_64*-*-linux* as target for now.
+
 @item --disable-libquadmath
 Specify that the GCC quad-precision math library should not be built.
 On some systems, the library is required to be linkable when building
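Review bot: the added text names the option "@option{-fstack-protection}" twice, while the invoke.texi hunks of this same patch use "-fstack-protector"; an option name that does not exist in the manual will mislead anyone trying to check or override the default. "@var{list}" suggests a comma-separated list, but the subject line and the text describe a single choice of all, ssp, pie or no. The wording needs a pass: "preprosessor", "will be turn on as default and depend on if you use", the missing space in "}and", and the stray period in "by default. if the support is there". Since "if the support is there" means the hardening can be silently absent, please say how a user can tell from configure output which defaults were actually enabled.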