From 755026771a6ec3c7da41010940ddbade43c77f22 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Sun, 10 Apr 2011 18:25:05 +0200
Subject: [PATCH] Implement --enable-gcc-hardening configure option

Using --enable-gcc-hardening enables some additional safety features that gcc makes available such as stack smashing protection using canaries and ASLR. This commit is based on a patch for Tor: (git commit 04fa935e02270bc90aca0f1c652d31c7a872175b by Jacob Appelbaum) Copyright (c) 2007-2011, The Tor Project, Inc.
---
 configure.in | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/configure.in b/configure.in
index 539af4c2..532c6297 100644
--- a/configure.in
+++ b/configure.in
@@ -56,6 +56,13 @@ fi
 AC_ARG_ENABLE(gcc-warnings,
 AS_HELP_STRING(--disable-gcc-warnings, disable verbose warnings with GCC))
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+ CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+fi])
 AC_ARG_ENABLE(thread-support,
 AS_HELP_STRING(--disable-thread-support, disable support for threading),
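Review bot: The three `CFLAGS` lines in the new `gcc-hardening` action append their flags without checking that the compiler accepts them, so with a non-GCC compiler or a GCC built without stack-protector support the later configure compile checks are likely to fail with an unrelated-looking error. Gate the block on the compiler, e.g. `[if test x$enableval = xyes && test "$GCC" = yes; then` (assuming `AC_PROG_CC` has already run at this point), or test-compile each flag before adding it. `-fPIE` only affects compilation and nothing in this hunk adds `-pie` to the link flags, so any executables built from this tree would still not be position-independent, and the ASLR benefit named in the commit message does not follow from these lines alone. `-D_FORTIFY_SOURCE=2` is inert unless optimisation is enabled, which the help string could state: `enable compiler security checks (needs GCC with SSP; _FORTIFY_SOURCE needs -O1 or higher)`. The `AC_ARG_ENABLE(thread-support, ...)` call after the added block continues past the end of the hunk.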