Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]

2013-12-13 Thread Mathivanan Naickan Palanivelu
The page is explaining more about the order of these flags.
My interest in this page was more to do with the order in which
these flags would get 'applied' on to the AM_**flags (and not in the context of 
C or C++!!)
Basically wanted to be sure of any further chance of 'overriding' of these 
flags.

Cheers,
Mathi.

 -Original Message-
 From: Anders Widell [mailto:anders.wid...@ericsson.com]
 Sent: Friday, December 13, 2013 9:28 PM
 To: Mathivanan Naickan Palanivelu
 Cc: opensaf-devel@lists.sourceforge.net
 Subject: Re: [PATCH 1 of 1] build: Add extra GCC hardening compilation flags
 [#650]
 
 It was an interesting page; I haven't read it before. Btw the name CPPFLAGS
 could be confusing at first: CPP stands for C PreProcessor, not C Plus 
 Plus.
 So it applies to both C and C++ code.
 
 regards,
 Anders Widell
 
 2013-12-13 11:34, Mathivanan Naickan Palanivelu skrev:
  Ack.
  I was going through this link to review this patch.
  http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
  It might be of interest to you too.
  Basically, I wanted to figure out whether CPP_FLAGS should be passed
  to AM_CPP FLAGS or to AM_CXX FLAGS.
  - Mathi.
 
  -Original Message-
  From: Anders Widell [mailto:anders.wid...@ericsson.com]
  Sent: Monday, December 09, 2013 5:15 PM
  To: Mathivanan Naickan Palanivelu
  Cc: opensaf-devel@lists.sourceforge.net
  Subject: [PATCH 1 of 1] build: Add extra GCC hardening compilation
  flags [#650]
 
00-README.conf   |   2 +-
Makefile.common  |   4 ++--
README   |  16 
configure.ac |  18 ++
tools/cluster_sim_uml/README |   2 +-
5 files changed, 34 insertions(+), 8 deletions(-)
 
 
  By default, build with the extra hardening flags -D_FORTIFY_SOURCE=2
  -fstack-protector for improved security and enhanced run-time error
  detection. The flags can be overridden by setting the environment
  variable OSAF_HARDEN_FLAGS when building OpenSAF.
 
  Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To
  reduce the risk that a user accidentally builds without optimization
  by overriding the default CFLAGS and/or CXXFLAGS, the README files
  have been updated to recommend passing preprocessor definitions using
  CPPFLAGS instead of CFLAGS.
 
  diff --git a/00-README.conf b/00-README.conf
  --- a/00-README.conf
  +++ b/00-README.conf
  @@ -85,7 +85,7 @@ file does not have to be changed unless:
- OpenSAF should run as a different UNIX group and user than the
  default 'opensaf'
  group/user.
 
  -  If OpenSAF was built with the flags CFLAGS=-DRUNASROOT, then
  +  If OpenSAF was built with the flags CPPFLAGS=-DRUNASROOT,
  then
 change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old
  (4.2) behaviour.
 
 For any other user, change OPENSAF_GROUP and OPENSAF_USER
  accordingly diff --git a/Makefile.common b/Makefile.common
  --- a/Makefile.common
  +++ b/Makefile.common
  @@ -12,8 +12,8 @@ AM_CPPFLAGS = \
 $(CORE_INCLUDES) \
 $(all_includes)
 
  -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS =
  -Wall -fno-strict-aliasing -Werror -fPIC - D__STDC_FORMAT_MACROS
  +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC
  @OSAF_HARDEN_FLAGS@
  +AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -
  D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@
AM_LDFLAGS = -ldl -lrt -lpthread
 
#
  diff --git a/README b/README
  --- a/README
  +++ b/README
  @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc.
To re-enable the old (pre 4.3) non flat addressing, configure the 
  constant
MDS_USE_SUBSLOT_ID=1 at configure time as in:
 
  -% ./configure CFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
  +% ./configure CPPFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
 
In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID 
  is
added in the 4 LSB. The consequence of this is reduced number of @@
  -308,7 +308,7 @@ 2) Run as root (optional)
If the old (4.2) behaviour of running all processes as root is desired, 
  use
the following configure command:
 
  -% ./configure CFLAGS=-DRUNASROOT
  +% ./configure CPPFLAGS=-DRUNASROOT
 
 
3) Configure TIPC importance (optional) @@ -317,13 +317,21 @@ The
  default TIPC importance is LOW for a
In some cases the default importance must be changed if e.g. an
  application starves the LOW importance communication level.
To change the default importance, use the following configure
  command
 
  -   % ./configure CFLAGS=-DTIPCIMPORTANCE=level
  +   % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level
   where level is any of TIPC_LOW_IMPORTANCE,
  TIPC_MEDIUM_IMPORTANCE or TIPC_HIGH_IMPORTANCE
  -   e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
  +   e.g. configure CPPFLAGS=-
 DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
 
Note: Giving same importance to AVND  all other Opensaf models is
  not preferred option. The behavior is 

Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]

2013-12-10 Thread Anders Widell
Ok, I will close both of them when this is fixed.

regards,
Anders Widell

2013-12-10 15:57, Hans Nordebäck skrev:
 a ticket for this  already exists 
 http://sourceforge.net/p/opensaf/tickets/320/  /BR HansN

 -Original Message-
 From: Anders Widell [mailto:anders.wid...@ericsson.com]
 Sent: den 9 december 2013 12:45
 To: mathi.naic...@oracle.com
 Cc: opensaf-devel@lists.sourceforge.net
 Subject: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation 
 flags [#650]

   00-README.conf   |   2 +-
   Makefile.common  |   4 ++--
   README   |  16 
   configure.ac |  18 ++
   tools/cluster_sim_uml/README |   2 +-
   5 files changed, 34 insertions(+), 8 deletions(-)


 By default, build with the extra hardening flags -D_FORTIFY_SOURCE=2 
 -fstack-protector for improved security and enhanced run-time error 
 detection. The flags can be overridden by setting the environment variable 
 OSAF_HARDEN_FLAGS when building OpenSAF.

 Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce 
 the risk that a user accidentally builds without optimization by overriding 
 the default CFLAGS and/or CXXFLAGS, the README files have been updated to 
 recommend passing preprocessor definitions using CPPFLAGS instead of CFLAGS.

 diff --git a/00-README.conf b/00-README.conf
 --- a/00-README.conf
 +++ b/00-README.conf
 @@ -85,7 +85,7 @@ file does not have to be changed unless:
   - OpenSAF should run as a different UNIX group and user than the default 
 'opensaf'
 group/user.
   
 - If OpenSAF was built with the flags CFLAGS=-DRUNASROOT, then
 + If OpenSAF was built with the flags CPPFLAGS=-DRUNASROOT, then
   change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old (4.2) 
 behaviour.
   
   For any other user, change OPENSAF_GROUP and OPENSAF_USER accordingly 
 diff --git a/Makefile.common b/Makefile.common
 --- a/Makefile.common
 +++ b/Makefile.common
 @@ -12,8 +12,8 @@ AM_CPPFLAGS = \
   $(CORE_INCLUDES) \
   $(all_includes)
   
 -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS = -Wall 
 -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS
 +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC
 +@OSAF_HARDEN_FLAGS@ AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror
 +-fPIC -D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@
   AM_LDFLAGS = -ldl -lrt -lpthread
   
   #
 diff --git a/README b/README
 --- a/README
 +++ b/README
 @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc.
   To re-enable the old (pre 4.3) non flat addressing, configure the constant
   MDS_USE_SUBSLOT_ID=1 at configure time as in:
   
 -% ./configure CFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
 +% ./configure CPPFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
   
   In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is  
 added in the 4 LSB. The consequence of this is reduced number of @@ -308,7 
 +308,7 @@ 2) Run as root (optional)  If the old (4.2) behaviour of running 
 all processes as root is desired, use  the following configure command:
   
 -% ./configure CFLAGS=-DRUNASROOT
 +% ./configure CPPFLAGS=-DRUNASROOT
   
   
   3) Configure TIPC importance (optional) @@ -317,13 +317,21 @@ The default 
 TIPC importance is LOW for a  In some cases the default importance must be 
 changed if e.g. an application starves the LOW importance communication level.
   To change the default importance, use the following configure command
   
 -   % ./configure CFLAGS=-DTIPCIMPORTANCE=level
 +   % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level
  where level is any of TIPC_LOW_IMPORTANCE, TIPC_MEDIUM_IMPORTANCE or 
 TIPC_HIGH_IMPORTANCE
 -   e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
 +   e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
   
   Note: Giving same importance to AVND  all other Opensaf models is not 
 preferred option. The behavior is unsupported.
   
   
 +4) Configure GCC hardening options (optional)
 +
 +By default, the options -fstack-protector -D_FORTIFY_SOURCE=2 are
 +passed to GCC for improved security. You can override these options by
 +setting the OSAF_HARDEN_FLAGS when configuring OpenSAF. For example:
 +
 +   % ./configure OSAF_HARDEN_FLAGS=-fstack-protector-all 
 -D_FORTIFY_SOURCE=2
 +
   If you are using a released archive (dist tarball) follow the simple common
   steps:
   
 diff --git a/configure.ac b/configure.ac
 --- a/configure.ac
 +++ b/configure.ac
 @@ -545,6 +545,22 @@ if test $enable_imm_pbe = yes; then
   PKG_CHECK_MODULES([SQLITE3], [sqlite3])  fi
   
 +if test -z $OSAF_HARDEN_FLAGS; then
 + # _FORTIFY_SOURCE requires optimization, so only enable it in optimized
 + # builds, i.e. when -O is present in both CFLAGS and CXXFLAGS.
 + if echo ${CFLAGS} | grep -q -- -O; then
 + if echo ${CXXFLAGS} | grep -q -- -O; then
 + OSAF_HARDEN_FLAGS=-D_FORTIFY_SOURCE=2
 + fi
 + fi

[devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]

2013-12-09 Thread Anders Widell
 00-README.conf   |   2 +-
 Makefile.common  |   4 ++--
 README   |  16 
 configure.ac |  18 ++
 tools/cluster_sim_uml/README |   2 +-
 5 files changed, 34 insertions(+), 8 deletions(-)


By default, build with the extra hardening flags -D_FORTIFY_SOURCE=2
-fstack-protector for improved security and enhanced run-time error
detection. The flags can be overridden by setting the environment variable
OSAF_HARDEN_FLAGS when building OpenSAF.

Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce the
risk that a user accidentally builds without optimization by overriding the
default CFLAGS and/or CXXFLAGS, the README files have been updated to recommend
passing preprocessor definitions using CPPFLAGS instead of CFLAGS.

diff --git a/00-README.conf b/00-README.conf
--- a/00-README.conf
+++ b/00-README.conf
@@ -85,7 +85,7 @@ file does not have to be changed unless:
 - OpenSAF should run as a different UNIX group and user than the default 
'opensaf'
   group/user.
 
-   If OpenSAF was built with the flags CFLAGS=-DRUNASROOT, then
+   If OpenSAF was built with the flags CPPFLAGS=-DRUNASROOT, then
change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old (4.2) 
behaviour.
 
For any other user, change OPENSAF_GROUP and OPENSAF_USER accordingly
diff --git a/Makefile.common b/Makefile.common
--- a/Makefile.common
+++ b/Makefile.common
@@ -12,8 +12,8 @@ AM_CPPFLAGS = \
$(CORE_INCLUDES) \
$(all_includes)
 
-AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC
-AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS
+AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC @OSAF_HARDEN_FLAGS@
+AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS 
@OSAF_HARDEN_FLAGS@
 AM_LDFLAGS = -ldl -lrt -lpthread
 
 #
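Review bot: In both the +AM_CFLAGS and +AM_CXXFLAGS lines, @OSAF_HARDEN_FLAGS@ carries -D_FORTIFY_SOURCE=2, a preprocessor definition, into the compiler-flag variables, which is the opposite of what this same patch tells users to do in the README (pass -D options through CPPFLAGS). Consider splitting the substitution in two: a preprocessor part appended to AM_CPPFLAGS and a compiler part (-fstack-protector) appended here. Two Automake behaviours are worth documenting alongside it: AM_CFLAGS is placed before the user's CFLAGS on the command line, so a user-supplied -fno-stack-protector or -U_FORTIFY_SOURCE still wins over these defaults, and any Makefile.am that sets a per-target _CFLAGS or _CXXFLAGS does not inherit AM_CFLAGS/AM_CXXFLAGS and would build without the hardening flags unless they are added there explicitly.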
diff --git a/README b/README
--- a/README
+++ b/README
@@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc.
 To re-enable the old (pre 4.3) non flat addressing, configure the constant
 MDS_USE_SUBSLOT_ID=1 at configure time as in:
 
-% ./configure CFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
+% ./configure CPPFLAGS=-DMDS_USE_SUBSLOT_ID=1 ...
 
 In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is 
 added in the 4 LSB. The consequence of this is reduced number of
@@ -308,7 +308,7 @@ 2) Run as root (optional)
 If the old (4.2) behaviour of running all processes as root is desired, use
 the following configure command:
 
-% ./configure CFLAGS=-DRUNASROOT
+% ./configure CPPFLAGS=-DRUNASROOT
 
 
 3) Configure TIPC importance (optional)
@@ -317,13 +317,21 @@ The default TIPC importance is LOW for a
 In some cases the default importance must be changed if e.g. an application 
starves the LOW importance communication level.
 To change the default importance, use the following configure command
 
-   % ./configure CFLAGS=-DTIPCIMPORTANCE=level
+   % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level
where level is any of TIPC_LOW_IMPORTANCE, TIPC_MEDIUM_IMPORTANCE or 
TIPC_HIGH_IMPORTANCE
-   e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
+   e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE
 
 Note: Giving same importance to AVND  all other Opensaf models is not 
preferred option. The behavior is unsupported.
 
 
+4) Configure GCC hardening options (optional)
+
+By default, the options -fstack-protector -D_FORTIFY_SOURCE=2 are passed to
+GCC for improved security. You can override these options by setting the
+OSAF_HARDEN_FLAGS when configuring OpenSAF. For example:
+
+   % ./configure OSAF_HARDEN_FLAGS=-fstack-protector-all -D_FORTIFY_SOURCE=2
+
 If you are using a released archive (dist tarball) follow the simple common
 steps:
 
diff --git a/configure.ac b/configure.ac
--- a/configure.ac
+++ b/configure.ac
@@ -545,6 +545,22 @@ if test $enable_imm_pbe = yes; then
PKG_CHECK_MODULES([SQLITE3], [sqlite3])
 fi
 
+if test -z $OSAF_HARDEN_FLAGS; then
+   # _FORTIFY_SOURCE requires optimization, so only enable it in optimized
+   # builds, i.e. when -O is present in both CFLAGS and CXXFLAGS.
+   if echo ${CFLAGS} | grep -q -- -O; then
+   if echo ${CXXFLAGS} | grep -q -- -O; then
+   OSAF_HARDEN_FLAGS=-D_FORTIFY_SOURCE=2
+   fi
+   fi
+   # Also check for -O0 (which explicitly disables optimisation)
+   if echo ${CFLAGS} ${CXXFLAGS} | grep -q -- -O0; then
+   OSAF_HARDEN_FLAGS=
+   fi
+   OSAF_HARDEN_FLAGS=${OSAF_HARDEN_FLAGS} -fstack-protector
+fi
+AC_SUBST(OSAF_HARDEN_FLAGS)
+
 #
 # Checks for header files.
 #
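Review bot: The opening check "if test -z $OSAF_HARDEN_FLAGS; then" cannot tell an unset variable from one the user deliberately set to the empty string, so there is no way to configure a build with the hardening flags switched off; testing ${OSAF_HARDEN_FLAGS+set} would allow that. As the lines read here the expansions are also unquoted: a multi-word value makes test -z fail with a syntax error, and "OSAF_HARDEN_FLAGS=${OSAF_HARDEN_FLAGS} -fstack-protector" is parsed as a temporary assignment followed by a command named -fstack-protector, so both need double quotes. The "grep -q -- -O" checks match -O anywhere in the string, and the -O0 check ignores ordering even though GCC uses the last -O option given, so "-O0 -O2" loses _FORTIFY_SOURCE although the build is optimized. Nothing in the hunk verifies that the compiler accepts -fstack-protector before it is added to every compile line.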
@@ -925,8 +941,10 @@ echo 
 echo  Compiling Options:
 echo ${ECHO_T}  C Compiler: ${CC}
 echo ${ECHO_T}  C++ Compiler: ${CXX}
+echo ${ECHO_T}  CPPFLAGS: ${CPPFLAGS} ${AM_CPPFLAGS}
 echo ${ECHO_T}  CFLAGS: ${CFLAGS}
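Review bot: In the added "CPPFLAGS: ${CPPFLAGS} ${AM_CPPFLAGS}" line, AM_CPPFLAGS is assigned in Makefile.common (see the hunk header there), so unless configure.ac also sets it the summary prints only the user's CPPFLAGS. The visible part of this hunk does not print OSAF_HARDEN_FLAGS either; the summary is where a builder would notice that -D_FORTIFY_SOURCE=2 was dropped for lack of -O, so echo it here if the remaining added line does not already do so.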