author | Mateusz Grzonka <mateusz.grzonka@intel.com> | 2023-07-17 15:19:10 +0200 |
---|---|---|
committer | Jes Sorensen <jes@trained-monkey.org> | 2023-09-01 12:15:39 -0400 |
commit | 55a1150c7438afcb7756fccd49713ede20a58e4a (patch) | |
tree | 6ba6dcfa669a46b1667bc7391bfe9a694beb9347 | |
parent | 8d1114be8c0a307d251c24078833b029efabc448 (diff) | |
Add compiler defenses flags
It is essential to avoid buffer overflows and similar bugs as much as
possible.
According to Intel rules we are obligated to verify certain
compiler flags, so it will be much easier if they are added to the
Makefile.
Add gcc flags that guard against buffer overflows and format string vulnerabilities,
enable stack protection to prevent stack overwrites, and enable ASLR through -fPIE.
Also make the flags configurable.
The changes were verified on gcc versions 7.5, 8.3, 9.2, 10 and 12.2.
Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
-rw-r--r-- | Makefile | 41 |
1 files changed, 29 insertions, 12 deletions
@@ -30,7 +30,7 @@
 # define "CXFLAGS" to give extra flags to CC.
 # e.g. make CXFLAGS=-O to optimise
-CXFLAGS ?=-O2
+CXFLAGS ?=-O2 -D_FORTIFY_SOURCE=2
 TCC = tcc
 UCLIBC_GCC = $(shell for nm in i386-uclibc-linux-gcc i386-uclibc-gcc; do which $$nm > /dev/null && { echo $$nm ; exit; } ; done; echo false No uclibc found )
 #DIET_GCC = diet gcc
@@ -50,14 +50,30 @@ ifeq ($(origin CC),default)
 CC := $(CROSS_COMPILE)gcc
 endif
 CXFLAGS ?= -ggdb
-CWFLAGS = -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter
+CWFLAGS ?= -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -fPIE -Warray-bounds
 ifdef WARN_UNUSED
-CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3
+CWFLAGS += -Wp -O3
 endif
-FALLTHROUGH := $(shell gcc -v --help 2>&1 | grep "implicit-fallthrough" | wc -l)
-ifneq "$(FALLTHROUGH)" "0"
-CWFLAGS += -Wimplicit-fallthrough=0
+ifeq ($(origin FALLTHROUGH), undefined)
+ FALLTHROUGH := $(shell gcc -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l)
+ ifneq "$(FALLTHROUGH)" "0"
+ CWFLAGS += -Wimplicit-fallthrough=0
+ endif
+endif
+
+ifeq ($(origin FORMATOVERFLOW), undefined)
+ FORMATOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l)
+ ifneq "$(FORMATOVERFLOW)" "0"
+ CWFLAGS += -Wformat-overflow
+ endif
+endif
+
+ifeq ($(origin STRINGOPOVERFLOW), undefined)
+ STRINGOPOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l)
+ ifneq "$(STRINGOPOVERFLOW)" "0"
+ CWFLAGS += -Wstringop-overflow
+ endif
 endif
 ifdef DEBIAN
@@ -116,10 +132,12 @@ CFLAGS += -DUSE_PTHREADS
 MON_LDFLAGS += -pthread
 endif
+LDFLAGS = -Wl,-z,now,-z,noexecstack
+
 # If you want a static binary, you might uncomment these
-# LDFLAGS = -static
+# LDFLAGS += -static
 # STRIP = -s
-LDLIBS = -ldl
+LDLIBS = -ldl -pie
 # To explicitly disable libudev, set -DNO_LIBUDEV in CXFLAGS
 ifeq (, $(findstring -DNO_LIBUDEV, $(CXFLAGS)))
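Review bot: `-D_FORTIFY_SOURCE=2` now lives only in the `?=` default of `CXFLAGS`, so the invocation the comment directly above recommends (`make CXFLAGS=-O`), or any `CXFLAGS` exported in the environment, silently builds without it. The same holds for `-fstack-protector-strong` and `-fPIE` in the `CWFLAGS ?=` line of the second hunk, and the last hunk removes the explicit `-D_FORTIFY_SOURCE=2` from the `mdadm.O2` and `mdmon.O2` recipes, so those targets lose it under an override as well. I would keep the mandatory hardening flags in a variable the user-facing knobs do not replace, for example `HARDENING_CFLAGS := -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fPIE`, and append it to `CFLAGS`; how `CFLAGS` is composed is outside these hunks, so the exact place needs checking. Fortification also only takes effect with optimisation enabled, so the define should travel with an `-O` level rather than depend on whatever `CXFLAGS` ends up holding.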
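Review bot: In the `ifdef WARN_UNUSED` branch of the second hunk, the new line `CWFLAGS += -Wp -O3` leaves a bare `-Wp`, which is not a complete option (gcc expects `-Wp,<option>`); with the define moved elsewhere it should read `CWFLAGS += -O3`. The three feature probes call a literal `gcc` although the hunk's own context sets `CC := $(CROSS_COMPILE)gcc`, so a cross or non-default compiler is never the one being tested; `$(shell $(CC) -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l)` would probe the compiler actually used. Because each `ifneq` sits inside the `origin ... undefined` guard, presetting `FALLTHROUGH`, `FORMATOVERFLOW` or `STRINGOPOVERFLOW` to any value, including `1`, skips the flag, and a comment such as `# define FORMATOVERFLOW (any value) to skip the probe and the flag` would make that explicit.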
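Review bot: In the third hunk `-z now` is added without `-z relro`, so whether the relocated sections actually become read-only depends on the linker's default; spelling it out as `LDFLAGS = -Wl,-z,relro,-z,now,-z,noexecstack` makes full RELRO independent of the toolchain. `-pie` is a link-mode option rather than a library, and keeping it in `LDLIBS` means that uncommenting `# LDFLAGS += -static` as the comment suggests produces a link line carrying both `-static` and `-pie`, which is likely to conflict; it would sit better next to the other linker flags, with a comment covering the static case. The plain `=` also discards any `LDFLAGS` inherited from the environment, so it is worth stating in a comment whether that is intended.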
@@ -209,14 +227,13 @@ mdadm.Os : $(SRCS) $(INCL)
  $(CC) -o mdadm.Os $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -Os $(SRCS) $(LDLIBS)
 mdadm.O2 : $(SRCS) $(INCL) mdmon.O2
- $(CC) -o mdadm.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -O2 -D_FORTIFY_SOURCE=2 $(SRCS) $(LDLIBS)
+ $(CC) -o mdadm.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DHAVE_STDINT_H -O2 $(SRCS) $(LDLIBS)
 mdmon.O2 : $(MON_SRCS) $(INCL) mdmon.h
- $(CC) -o mdmon.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -DHAVE_STDINT_H -O2 -D_FORTIFY_SOURCE=2 $(MON_SRCS) $(LDLIBS)
+ $(CC) -o mdmon.O2 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -DHAVE_STDINT_H -O2 $(MON_SRCS) $(LDLIBS)
-# use '-z now' to guarantee no dynamic linker interactions with the monitor thread
 mdmon : $(MON_OBJS) | check_rundir
- $(CC) $(CFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -Wl,-z,now -o mdmon $(MON_OBJS) $(LDLIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(MON_LDFLAGS) -o mdmon $(MON_OBJS) $(LDLIBS)
 msg.o: msg.c msg.h
 test_stripe : restripe.c xmalloc.o mdadm.h |
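Review bot: The `mdmon` rule loses both its unconditional `-Wl,-z,now` and the comment explaining that the flag guarantees no dynamic linker interactions with the monitor thread; the flag now reaches this link only through the global `LDFLAGS`, which a command-line `make LDFLAGS=...` replaces. Since the removed comment describes a functional requirement of mdmon rather than optional hardening, I would keep it in the mdmon-specific variable, `MON_LDFLAGS += -Wl,-z,now`, and retain the comment next to that line. `mdmon.O2` also links with `$(MON_LDFLAGS)`, so it would pick the flag up as well.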