Add stack clash protection to the WITH_SSP flag
Some background info available in: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3 https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/ Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D48651
+1
-1
@@ -304,7 +304,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions
|
||||
FORTIFY_SOURCE?= 0
|
||||
.if ${MK_SSP} != "no"
|
||||
# Don't use -Wstack-protector as it breaks world with -Werror.
|
||||
SSP_CFLAGS?= -fstack-protector-strong
|
||||
SSP_CFLAGS?= -fstack-protector-strong -fstack-clash-protection
|
||||
CFLAGS+= ${SSP_CFLAGS}
|
||||
.endif # SSP
|
||||
.if ${FORTIFY_SOURCE} > 0
|
||||
|
||||
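Review bot: The new `SSP_CFLAGS?=` default adds `-fstack-clash-protection` for every target and compiler, and the hunk shows no check that the compiler in use implements it for the target architecture. Where a compiler accepts the option but does not implement it, it may only emit an unused-argument warning. That would presumably fail the build under -Werror (the concern the existing comment records for -Wstack-protector) or leave binaries without stack probes unnoticed, so confirm this on each supported architecture or gate the flag on a compiler/arch check. Because the assignment is `?=`, anyone who already sets SSP_CFLAGS will not pick up the new flag, and MK_SSP=no now also turns off stack clash probing; a comment such as `# SSP_CFLAGS also carries -fstack-clash-protection; a user override replaces both flags.` would make this visible. The surrounding makefile continues outside the hunk, so any such gating elsewhere is not visible here.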