environment/configure/hardening.sh: enable -fstack-clash-protection

This flag will make GCC 8 touch all space allocated using alloca(3) and thus detect code jumping over the "stack gap".
2019-01-11 16:10:07 +01:00 · 2019-01-11 16:10:07 +01:00 · 6b81302e38
parent 9ecfc32a1d
commit 6b81302e38
1 changed files with 2 additions and 2 deletions
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
 		LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 	else
 		# Enable FORITFY_SOURCE=2
-		CFLAGS="-D_FORTIFY_SOURCE=2 ${CFLAGS}"
-		CXXFLAGS="-D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
+		CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
+		CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
 		LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 	fi
 else