proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-14 09:47:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

compiler: -fexceptions hardening

Browse Source 
This hardens multi-threaded C. Without it, the implementation of thread
cancellation handlers (introduced by pthread_cleanup_push) uses a completely
unprotected function pointer on the stack. This function pointer can simplify
the exploitation of stack-based buffer overflows even if the thread in question
is never canceled.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2019-03-11 23:36:02 +01:00
parent a40093c6f7
commit e74d1fd9f3
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -721,6 +721,7 @@ AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])