Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
The page is explaining more about the "order" of these flags. My interest in this page was more to do with the order in which these flags would get 'applied' on to the AM_**flags (and not in the context of C or C++!!) Basically wanted to be sure of any further chance of 'overriding' of these flags.

Cheers,
Mathi.

> -Original Message-
> From: Anders Widell [mailto:anders.wid...@ericsson.com]
> Sent: Friday, December 13, 2013 9:28 PM
> To: Mathivanan Naickan Palanivelu
> Cc: opensaf-devel@lists.sourceforge.net
> Subject: Re: [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
>
> It was an interesting page; I haven't read it before. Btw the name CPPFLAGS
> could be confusing at first: "CPP" stands for C PreProcessor, not "C Plus Plus".
> So it applies to both C and C++ code.
>
> regards,
> Anders Widell
>
> 2013-12-13 11:34, Mathivanan Naickan Palanivelu wrote:
> > Ack.
> > I was going through this link to review this patch.
> > http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
> > It might be of interest to you too.
> > Basically, I wanted to figure out whether CPP_FLAGS should be passed
> > to AM_CPP FLAGS or to AM_CXX FLAGS.
> > - Mathi.
> >
> >> -Original Message-
> >> From: Anders Widell [mailto:anders.wid...@ericsson.com] > >> Sent: Monday, December 09, 2013 5:15 PM > >> To: Mathivanan Naickan Palanivelu > >> Cc: opensaf-devel@lists.sourceforge.net > >> Subject: [PATCH 1 of 1] build: Add extra GCC hardening compilation > >> flags [#650] > >> > >> 00-README.conf | 2 +- > >> Makefile.common | 4 ++-- > >> README | 16 > >> configure.ac | 18 ++ > >> tools/cluster_sim_uml/README | 2 +- > >> 5 files changed, 34 insertions(+), 8 deletions(-) > >> > >> > >> By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2 > >> -fstack-protector" for improved security and enhanced run-time error > >> detection. The flags can be overridden by setting the environment > >> variable OSAF_HARDEN_FLAGS when building OpenSAF. > >> > >> Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To > >> reduce the risk that a user accidentally builds without optimization > >> by overriding the default CFLAGS and/or CXXFLAGS, the README files > >> have been updated to recommend passing preprocessor definitions using > >> CPPFLAGS instead of CFLAGS. > >> > >> diff --git a/00-README.conf b/00-README.conf > >> --- a/00-README.conf > >> +++ b/00-README.conf > >> @@ -85,7 +85,7 @@ file does not have to be changed unless: > >> - OpenSAF should run as a different UNIX group and user than the > >> default 'opensaf' > >> group/user. > >> > >> - If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then > >> + If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", > >> then > >>change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old > >> (<4.2) behaviour. > >> > >>For any other user, change OPENSAF_GROUP and OPENSAF_USER > >> accordingly diff --git a/Makefile.common b/Makefile.common > >> --- a/Makefile.common > >> +++ b/Makefile.common 
> >> @@ -12,8 +12,8 @@ AM_CPPFLAGS = \ > >>$(CORE_INCLUDES) \ > >>$(all_includes) > >> > >> -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS = > >> -Wall -fno-strict-aliasing -Werror -fPIC - D__STDC_FORMAT_MACROS > >> +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC > >> @OSAF_HARDEN_FLAGS@ > >> +AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC - > >> D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ > >> AM_LDFLAGS = -ldl -lrt -lpthread > >> > >> # > >> diff --git a/README b/README > >> --- a/README > >> +++ b/README > >> @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. > >> To re-enable the old (pre 4.3) non flat addressing, configure the > >> constant > >> MDS_USE_SUBSLOT_ID=1 at configure time as in: > >> > >> -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > >> +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > >> > >> In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID > >> is > >> added in the 4 LSB. The consequence of this is reduced number of @@ > >> -308,7 +308,7 @@ 2) Run as root (optional) > >> If the old (<4.2) behaviour of running all processes as root is desired, > >> use > >> the following configure command: > >> > >> -% ./configure CFLAGS=-DRUNASROOT > >> +% ./configure CPPFLAGS=-DRUNASROOT > >> > >> > >> 3) Configure TIPC importance (optional) @@ -317,13 +317,21 @@ The > >> default TIPC importance is LOW for a > >> In some cases the default importance must be changed if e.g. an > >> application starves the LOW importance communication level. > >> To change the default importance, use the following configure > >> command > >> > >> - % ./configure CFLAGS=-DTIPCIMPORTANCE=level > >> + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level > >> where level is
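
The ordering question raised in this reply can be checked mechanically. The following is an added example, not code from the thread or from OpenSAF: it assembles the C compile flags in the order given by the automake manual page linked in the thread and reports which hardening settings are in effect at the end of the line. The function names and the scenarios are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenSAF code. It models the C compile line that
# automake generates and reports which hardening settings are in effect
# once every flag variable has been applied.

# Order documented in the automake manual ("Flag Variables Ordering"):
#   $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
# The user's CPPFLAGS/CFLAGS always follow the matching AM_ variable.
compile_flags() {
    # $1=AM_CPPFLAGS  $2=CPPFLAGS  $3=AM_CFLAGS  $4=CFLAGS
    printf '%s %s %s %s\n' "$1" "$2" "$3" "$4"
}

# Scan the flags left to right. GCC lets the last -O level, the last
# -D/-U of a macro and the last -f[no-]stack-protector* option win.
# Runs in a subshell so "set -f" and the variables stay local.
effective_hardening() (
    set -f                      # word-split $1 without globbing
    opt=no; fortify=0; ssp=off
    for flag in $1; do
        case $flag in
            -O0)                  opt=no ;;
            -O*)                  opt=yes ;;
            -D_FORTIFY_SOURCE=*)  fortify=${flag#-D_FORTIFY_SOURCE=} ;;
            -D_FORTIFY_SOURCE)    fortify=1 ;;
            -U_FORTIFY_SOURCE)    fortify=0 ;;
            -fno-stack-protector) ssp=off ;;
            -fstack-protector)    ssp=default ;;
            -fstack-protector-*)  ssp=${flag#-fstack-protector-} ;;
        esac
    done
    # _FORTIFY_SOURCE only has an effect in an optimized build.
    active=no
    if [ "$fortify" != 0 ] && [ "$opt" = yes ]; then active=yes; fi
    printf 'fortify=%s active=%s ssp=%s\n' "$fortify" "$active" "$ssp"
)

# AM_CFLAGS as in the patched Makefile.common, with @OSAF_HARDEN_FLAGS@
# expanded to the default for an optimized build.
BASE='-Wall -fno-strict-aliasing -Werror -fPIC'
AM_DEFAULT="$BASE -D_FORTIFY_SOURCE=2 -fstack-protector"
# Same, with the override value shown in the README hunk.
AM_OVERRIDE="$BASE -fstack-protector-all -D_FORTIFY_SOURCE=2"

# Constructed scenarios (user-supplied values are the 2nd and 4th argument).
scenario_default() {
    effective_hardening "$(compile_flags '' '' "$AM_DEFAULT" '-g -O2')"
}
scenario_user_cflags() {      # user CFLAGS come last and win
    effective_hardening "$(compile_flags '' '' "$AM_DEFAULT" \
        '-g -O2 -U_FORTIFY_SOURCE -fno-stack-protector')"
}
scenario_user_cppflags() {    # user CPPFLAGS precede AM_CFLAGS and lose
    effective_hardening "$(compile_flags '' '-U_FORTIFY_SOURCE' \
        "$AM_DEFAULT" '-g -O2')"
}
scenario_o0_override() {      # explicit OSAF_HARDEN_FLAGS with -O0
    effective_hardening "$(compile_flags '' '' "$AM_OVERRIDE" '-g -O0')"
}

for s in scenario_default scenario_user_cflags \
         scenario_user_cppflags scenario_o0_override; do
    printf '%-24s %s\n' "$s" "$($s)"
done
```

Because the patch puts -D_FORTIFY_SOURCE=2 into AM_CFLAGS, a -U in the user's CPPFLAGS is undone later on the same command line, while the same -U in CFLAGS takes effect.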
Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
It was an interesting page; I haven't read it before. Btw the name CPPFLAGS could be confusing at first: "CPP" stands for C PreProcessor, not "C Plus Plus". So it applies to both C and C++ code.

regards,
Anders Widell

2013-12-13 11:34, Mathivanan Naickan Palanivelu wrote:
> Ack.
> I was going through this link to review this patch.
> http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
> It might be of interest to you too.
> Basically, I wanted to figure out whether CPP_FLAGS should be passed to AM_CPP FLAGS or
> to AM_CXX FLAGS.
> - Mathi.
>
>> -Original Message-
>> From: Anders Widell [mailto:anders.wid...@ericsson.com]
>> Sent: Monday, December 09, 2013 5:15 PM
>> To: Mathivanan Naickan Palanivelu
>> Cc: opensaf-devel@lists.sourceforge.net
>> Subject: [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
>>
>> 00-README.conf | 2 +-
>> Makefile.common | 4 ++--
>> README | 16
>> configure.ac | 18 ++
>> tools/cluster_sim_uml/README | 2 +-
>> 5 files changed, 34 insertions(+), 8 deletions(-)
>>
>>
>> By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2
>> -fstack-protector" for improved security and enhanced run-time error
>> detection. The flags can be overridden by setting the environment variable
>> OSAF_HARDEN_FLAGS when building OpenSAF.
>>
>> Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce the
>> risk that a user accidentally builds without optimization by overriding the
>> default CFLAGS and/or CXXFLAGS, the README files have been updated to recommend
>> passing preprocessor definitions using CPPFLAGS instead of CFLAGS.
>>
>> diff --git a/00-README.conf b/00-README.conf >> --- a/00-README.conf >> +++ b/00-README.conf 
>> @@ -85,7 +85,7 @@ file does not have to be changed unless: >> - OpenSAF should run as a different UNIX group and user than the default >> 'opensaf' >> group/user. >> >> -If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then >> +If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", >> then >> change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old >> (<4.2) behaviour. >> >> For any other user, change OPENSAF_GROUP and OPENSAF_USER >> accordingly >> diff --git a/Makefile.common b/Makefile.common >> --- a/Makefile.common >> +++ b/Makefile.common >> @@ -12,8 +12,8 @@ AM_CPPFLAGS = \ >> $(CORE_INCLUDES) \ >> $(all_includes) >> >> -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC >> -AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC - >> D__STDC_FORMAT_MACROS >> +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC >> @OSAF_HARDEN_FLAGS@ >> +AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC - >> D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ >> AM_LDFLAGS = -ldl -lrt -lpthread >> >> # >> diff --git a/README b/README >> --- a/README >> +++ b/README >> @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. >> To re-enable the old (pre 4.3) non flat addressing, configure the constant >> MDS_USE_SUBSLOT_ID=1 at configure time as in: >> >> -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." >> +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." >> >> In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is >> added in the 4 LSB. The consequence of this is reduced number of >> @@ -308,7 +308,7 @@ 2) Run as root (optional) >> If the old (<4.2) behaviour of running all processes as root is desired, >> use >> the following configure command: >> >> -% ./configure CFLAGS=-DRUNASROOT >> +% ./configure CPPFLAGS=-DRUNASROOT >> >> >> 3) Configure TIPC importance (optional) 
>> @@ -317,13 +317,21 @@ The default TIPC importance is LOW for a >> In some cases the default importance must be changed if e.g. an application >> starves the LOW importance communication level. >> To change the default importance, use the following configure command >> >> - % ./configure CFLAGS=-DTIPCIMPORTANCE=level >> + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level >> where level is any of TIPC_LOW_IMPORTANCE, >> TIPC_MEDIUM_IMPORTANCE or TIPC_HIGH_IMPORTANCE >> - e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE >> + e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE >> >> Note: Giving same importance to AVND & all other Opensaf models is not >> preferred option. The behavior is unsupported. >> >> >> +4) Configure GCC hardening options (optional) >> + >> +By default, the options "-fstack-protector -D_FORTIFY_SOURCE=2" are >> passed to >> +GCC for improved security. You can override these options by setting the >> +OSAF_HARDEN_FLAGS when configuring OpenSAF. For example: >> + >> + % ./configure OSAF_HARDEN_FLAGS="-fstack-protector-all - >> D_FORTIFY_SOURCE=2" >> + >> If you are using a released archive (dist tarball) follow the simple common >> steps: >> >> diff
Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
Ack.
I was going through this link to review this patch.
http://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
It might be of interest to you too.
Basically, I wanted to figure out whether CPP_FLAGS should be passed to AM_CPP FLAGS or to AM_CXX FLAGS.
- Mathi.

> -Original Message-
> From: Anders Widell [mailto:anders.wid...@ericsson.com]
> Sent: Monday, December 09, 2013 5:15 PM
> To: Mathivanan Naickan Palanivelu
> Cc: opensaf-devel@lists.sourceforge.net
> Subject: [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
>
> 00-README.conf | 2 +-
> Makefile.common | 4 ++--
> README | 16
> configure.ac | 18 ++
> tools/cluster_sim_uml/README | 2 +-
> 5 files changed, 34 insertions(+), 8 deletions(-)
>
>
> By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2
> -fstack-protector" for improved security and enhanced run-time error
> detection. The flags can be overridden by setting the environment variable
> OSAF_HARDEN_FLAGS when building OpenSAF.
>
> Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce the
> risk that a user accidentally builds without optimization by overriding the
> default CFLAGS and/or CXXFLAGS, the README files have been updated to recommend
> passing preprocessor definitions using CPPFLAGS instead of CFLAGS.
>
> diff --git a/00-README.conf b/00-README.conf > --- a/00-README.conf > +++ b/00-README.conf > @@ -85,7 +85,7 @@ file does not have to be changed unless: > - OpenSAF should run as a different UNIX group and user than the default > 'opensaf' >group/user. > > - If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then > + If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", > then > change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old > (<4.2) behaviour. > > For any other user, change OPENSAF_GROUP and OPENSAF_USER > accordingly > diff --git a/Makefile.common b/Makefile.common > --- a/Makefile.common > +++ b/Makefile.common 
> @@ -12,8 +12,8 @@ AM_CPPFLAGS = \ > $(CORE_INCLUDES) \ > $(all_includes) > > -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC > -AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC - > D__STDC_FORMAT_MACROS > +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC > @OSAF_HARDEN_FLAGS@ > +AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC - > D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ > AM_LDFLAGS = -ldl -lrt -lpthread > > # > diff --git a/README b/README > --- a/README > +++ b/README > @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. > To re-enable the old (pre 4.3) non flat addressing, configure the constant > MDS_USE_SUBSLOT_ID=1 at configure time as in: > > -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > > In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is > added in the 4 LSB. The consequence of this is reduced number of > @@ -308,7 +308,7 @@ 2) Run as root (optional) > If the old (<4.2) behaviour of running all processes as root is desired, use > the following configure command: > > -% ./configure CFLAGS=-DRUNASROOT > +% ./configure CPPFLAGS=-DRUNASROOT > > > 3) Configure TIPC importance (optional) 
> @@ -317,13 +317,21 @@ The default TIPC importance is LOW for a > In some cases the default importance must be changed if e.g. an application > starves the LOW importance communication level. > To change the default importance, use the following configure command > > - % ./configure CFLAGS=-DTIPCIMPORTANCE=level > + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level > where level is any of TIPC_LOW_IMPORTANCE, > TIPC_MEDIUM_IMPORTANCE or TIPC_HIGH_IMPORTANCE > - e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE > + e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE > > Note: Giving same importance to AVND & all other Opensaf models is not > preferred option. The behavior is unsupported. > > > +4) Configure GCC hardening options (optional) > + > +By default, the options "-fstack-protector -D_FORTIFY_SOURCE=2" are > passed to > +GCC for improved security. You can override these options by setting the > +OSAF_HARDEN_FLAGS when configuring OpenSAF. For example: > + > + % ./configure OSAF_HARDEN_FLAGS="-fstack-protector-all - > D_FORTIFY_SOURCE=2" > + > If you are using a released archive (dist tarball) follow the simple common > steps: > > diff --git a/configure.ac b/configure.ac > --- a/configure.ac > +++ b/configure.ac > @@ -545,6 +545,22 @@ if test "$enable_imm_pbe" = yes; then > PKG_CHECK_MODULES([SQLITE3], [sqlite3]) > fi > > +if test -z "$OSAF_HARDEN_FLAGS"; then > + # _FORTIFY_SOURCE requires optimization, so only enable it in > optimized > + # builds, i.e. when -O is present in both CFLAGS and CXXFLAGS. > + if echo
Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
Ok, I will close both of them when this is fixed.

regards,
Anders Widell

2013-12-10 15:57, Hans Nordebäck wrote:
> a ticket for this already exists
> http://sourceforge.net/p/opensaf/tickets/320/ /BR HansN
>
> -Original Message-
> From: Anders Widell [mailto:anders.wid...@ericsson.com]
> Sent: 9 December 2013 12:45
> To: mathi.naic...@oracle.com
> Cc: opensaf-devel@lists.sourceforge.net
> Subject: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
>
> 00-README.conf | 2 +-
> Makefile.common | 4 ++--
> README | 16
> configure.ac | 18 ++
> tools/cluster_sim_uml/README | 2 +-
> 5 files changed, 34 insertions(+), 8 deletions(-)
>
>
> By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2
> -fstack-protector" for improved security and enhanced run-time error
> detection. The flags can be overridden by setting the environment variable
> OSAF_HARDEN_FLAGS when building OpenSAF.
>
> Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce
> the risk that a user accidentally builds without optimization by overriding
> the default CFLAGS and/or CXXFLAGS, the README files have been updated to
> recommend passing preprocessor definitions using CPPFLAGS instead of CFLAGS.
>
> diff --git a/00-README.conf b/00-README.conf > --- a/00-README.conf > +++ b/00-README.conf > @@ -85,7 +85,7 @@ file does not have to be changed unless: > - OpenSAF should run as a different UNIX group and user than the default > 'opensaf' > group/user. > > - If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then > + If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", then > change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old (<4.2) > behaviour. > > For any other user, change OPENSAF_GROUP and OPENSAF_USER accordingly > diff --git a/Makefile.common b/Makefile.common > --- a/Makefile.common > +++ b/Makefile.common 
> @@ -12,8 +12,8 @@ AM_CPPFLAGS = \ > $(CORE_INCLUDES) \ > $(all_includes) > > -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS = -Wall > -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS > +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC > +@OSAF_HARDEN_FLAGS@ AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror > +-fPIC -D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ > AM_LDFLAGS = -ldl -lrt -lpthread > > # > diff --git a/README b/README > --- a/README > +++ b/README > @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. > To re-enable the old (pre 4.3) non flat addressing, configure the constant > MDS_USE_SUBSLOT_ID=1 at configure time as in: > > -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." > > In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is > added in the 4 LSB. The consequence of this is reduced number of @@ -308,7 > +308,7 @@ 2) Run as root (optional) If the old (<4.2) behaviour of running > all processes as root is desired, use the following configure command: > > -% ./configure CFLAGS=-DRUNASROOT > +% ./configure CPPFLAGS=-DRUNASROOT > > > 3) Configure TIPC importance (optional) 
@@ -317,13 +317,21 @@ The default > TIPC importance is LOW for a In some cases the default importance must be > changed if e.g. an application starves the LOW importance communication level. > To change the default importance, use the following configure command > > - % ./configure CFLAGS=-DTIPCIMPORTANCE=level > + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level > where level is any of TIPC_LOW_IMPORTANCE, TIPC_MEDIUM_IMPORTANCE or > TIPC_HIGH_IMPORTANCE > - e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE > + e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE > > Note: Giving same importance to AVND & all other Opensaf models is not > preferred option. The behavior is unsupported. > > > +4) Configure GCC hardening options (optional) > + > +By default, the options "-fstack-protector -D_FORTIFY_SOURCE=2" are > +passed to GCC for improved security. You can override these options by > +setting the OSAF_HARDEN_FLAGS when configuring OpenSAF. For example: > + > + % ./configure OSAF_HARDEN_FLAGS="-fstack-protector-all > -D_FORTIFY_SOURCE=2" > + > If you are using a released archive (dist tarball) follow the simple common > steps: > > diff --git a/configure.ac b/config
Re: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
a ticket for this already exists
http://sourceforge.net/p/opensaf/tickets/320/
/BR HansN

-Original Message-
From: Anders Widell [mailto:anders.wid...@ericsson.com]
Sent: 9 December 2013 12:45
To: mathi.naic...@oracle.com
Cc: opensaf-devel@lists.sourceforge.net
Subject: [devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]

00-README.conf | 2 +-
Makefile.common | 4 ++--
README | 16
configure.ac | 18 ++
tools/cluster_sim_uml/README | 2 +-
5 files changed, 34 insertions(+), 8 deletions(-)

By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2 -fstack-protector" for improved security and enhanced run-time error detection. The flags can be overridden by setting the environment variable OSAF_HARDEN_FLAGS when building OpenSAF.

Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce the risk that a user accidentally builds without optimization by overriding the default CFLAGS and/or CXXFLAGS, the README files have been updated to recommend passing preprocessor definitions using CPPFLAGS instead of CFLAGS.

diff --git a/00-README.conf b/00-README.conf --- a/00-README.conf +++ b/00-README.conf @@ -85,7 +85,7 @@ file does not have to be changed unless: - OpenSAF should run as a different UNIX group and user than the default 'opensaf' group/user. - If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then + If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", then change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old (<4.2) behaviour. For any other user, change OPENSAF_GROUP and OPENSAF_USER accordingly diff --git a/Makefile.common b/Makefile.common --- a/Makefile.common +++ b/Makefile.common 
@@ -12,8 +12,8 @@ AM_CPPFLAGS = \ $(CORE_INCLUDES) \ $(all_includes) -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC +@OSAF_HARDEN_FLAGS@ AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror +-fPIC -D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ AM_LDFLAGS = -ldl -lrt -lpthread # diff --git a/README b/README --- a/README +++ b/README @@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. To re-enable the old (pre 4.3) non flat addressing, configure the constant MDS_USE_SUBSLOT_ID=1 at configure time as in: -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is added in the 4 LSB. The consequence of this is reduced number of @@ -308,7 +308,7 @@ 2) Run as root (optional) If the old (<4.2) behaviour of running all processes as root is desired, use the following configure command: -% ./configure CFLAGS=-DRUNASROOT +% ./configure CPPFLAGS=-DRUNASROOT 3) Configure TIPC importance (optional) 
@@ -317,13 +317,21 @@ The default TIPC importance is LOW for a In some cases the default importance must be changed if e.g. an application starves the LOW importance communication level. To change the default importance, use the following configure command - % ./configure CFLAGS=-DTIPCIMPORTANCE=level + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level where level is any of TIPC_LOW_IMPORTANCE, TIPC_MEDIUM_IMPORTANCE or TIPC_HIGH_IMPORTANCE - e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE + e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE Note: Giving same importance to AVND & all other Opensaf models is not preferred option. The behavior is unsupported. +4) Configure GCC hardening options (optional) + +By default, the options "-fstack-protector -D_FORTIFY_SOURCE=2" are +passed to GCC for improved security. You can override these options by +setting the OSAF_HARDEN_FLAGS when configuring OpenSAF. For example: + + % ./configure OSAF_HARDEN_FLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2" + If you are using a released archive (dist tarball) follow the simple common steps: diff --git a/configure.ac b/configure.ac --- a/configure.ac +++ b/configure.ac @@ -545,6 +545,22 @@ if test "$enable_imm_pbe" = yes; then PKG_CHECK_MODULES([SQLITE3], [sqlite3]) fi +if test -z "$OSAF_HARDEN_FLAGS"; then + # _FORTIFY_SOURCE requires optimization, so only enable it in optimized + # builds, i.e. when -O is present in both CFLAGS and CXXFLAGS. + if echo "${CFLAGS}" | grep -q -- -O; then + if echo "${CXXFLAGS}" | grep -q -- -O; then + OSAF_HARDEN_FLAGS="-D_FORTIFY_SOURCE=2" + fi + fi + # Also check for -O0 (which explicitly disables optimisati
[devel] [PATCH 1 of 1] build: Add extra GCC hardening compilation flags [#650]
00-README.conf | 2 +-
Makefile.common | 4 ++--
README | 16
configure.ac | 18 ++
tools/cluster_sim_uml/README | 2 +-
5 files changed, 34 insertions(+), 8 deletions(-)

By default, build with the extra hardening flags "-D_FORTIFY_SOURCE=2 -fstack-protector" for improved security and enhanced run-time error detection. The flags can be overridden by setting the environment variable OSAF_HARDEN_FLAGS when building OpenSAF.

Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To reduce the risk that a user accidentally builds without optimization by overriding the default CFLAGS and/or CXXFLAGS, the README files have been updated to recommend passing preprocessor definitions using CPPFLAGS instead of CFLAGS.

diff --git a/00-README.conf b/00-README.conf --- a/00-README.conf +++ b/00-README.conf @@ -85,7 +85,7 @@ file does not have to be changed unless: - OpenSAF should run as a different UNIX group and user than the default 'opensaf' group/user. - If OpenSAF was built with the flags "CFLAGS=-DRUNASROOT", then + If OpenSAF was built with the flags "CPPFLAGS=-DRUNASROOT", then change OPENSAF_GROUP and OPENSAF_USER to root i.e. for old (<4.2) behaviour. For any other user, change OPENSAF_GROUP and OPENSAF_USER accordingly diff --git a/Makefile.common b/Makefile.common --- a/Makefile.common +++ b/Makefile.common @@ -12,8 +12,8 @@ AM_CPPFLAGS = \ $(CORE_INCLUDES) \ $(all_includes) -AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS +AM_CFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC @OSAF_HARDEN_FLAGS@ +AM_CXXFLAGS = -Wall -fno-strict-aliasing -Werror -fPIC -D__STDC_FORMAT_MACROS @OSAF_HARDEN_FLAGS@ AM_LDFLAGS = -ldl -lrt -lpthread # diff --git a/README b/README --- a/README +++ b/README 
@@ -293,7 +293,7 @@ 1.1.1, 1.1.2 etc. To re-enable the old (pre 4.3) non flat addressing, configure the constant MDS_USE_SUBSLOT_ID=1 at configure time as in: -% ./configure CFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." +% ./configure CPPFLAGS="-DMDS_USE_SUBSLOT_ID=1 ..." In the non flat scheme, the slot ID is shifted up 4 bits and subslot ID is added in the 4 LSB. The consequence of this is reduced number of @@ -308,7 +308,7 @@ 2) Run as root (optional) If the old (<4.2) behaviour of running all processes as root is desired, use the following configure command: -% ./configure CFLAGS=-DRUNASROOT +% ./configure CPPFLAGS=-DRUNASROOT 3) Configure TIPC importance (optional) @@ -317,13 +317,21 @@ The default TIPC importance is LOW for a In some cases the default importance must be changed if e.g. an application starves the LOW importance communication level. To change the default importance, use the following configure command - % ./configure CFLAGS=-DTIPCIMPORTANCE=level + % ./configure CPPFLAGS=-DTIPCIMPORTANCE=level where level is any of TIPC_LOW_IMPORTANCE, TIPC_MEDIUM_IMPORTANCE or TIPC_HIGH_IMPORTANCE - e.g. configure CFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE + e.g. configure CPPFLAGS=-DTIPCIMPORTANCE=TIPC_HIGH_IMPORTANCE Note: Giving same importance to AVND & all other Opensaf models is not preferred option. The behavior is unsupported. +4) Configure GCC hardening options (optional) + +By default, the options "-fstack-protector -D_FORTIFY_SOURCE=2" are passed to +GCC for improved security. You can override these options by setting the +OSAF_HARDEN_FLAGS when configuring OpenSAF. For example: + + % ./configure OSAF_HARDEN_FLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2" + If you are using a released archive (dist tarball) follow the simple common steps: diff --git a/configure.ac b/configure.ac --- a/configure.ac +++ b/configure.ac 
@@ -545,6 +545,22 @@ if test "$enable_imm_pbe" = yes; then PKG_CHECK_MODULES([SQLITE3], [sqlite3]) fi +if test -z "$OSAF_HARDEN_FLAGS"; then + # _FORTIFY_SOURCE requires optimization, so only enable it in optimized + # builds, i.e. when -O is present in both CFLAGS and CXXFLAGS. + if echo "${CFLAGS}" | grep -q -- -O; then + if echo "${CXXFLAGS}" | grep -q -- -O; then + OSAF_HARDEN_FLAGS="-D_FORTIFY_SOURCE=2" + fi + fi + # Also check for -O0 (which explicitly disables optimisation) + if echo "${CFLAGS} ${CXXFLAGS}" | grep -q -- -O0; then + OSAF_HARDEN_FLAGS="" + fi + OSAF_HARDEN_FLAGS="${OSAF_HARDEN_FLAGS} -fstack-protector" +fi +AC_SUBST(OSAF_HARDEN_FLAGS) + # # Checks for header files. # @@ -925,8 +941,10 @@ echo "" echo " Compiling Options:" echo "${ECHO_T} C Compiler: ${CC}" echo "${ECHO_T} C++ Compiler: ${CXX}" +echo "${ECHO_T} CPPFLAGS: ${CPPFLAGS} ${AM_CPPFLA
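
Review bot: In the Makefile.common hunk, @OSAF_HARDEN_FLAGS@ is appended to AM_CFLAGS and AM_CXXFLAGS, so the -D_FORTIFY_SOURCE=2 definition travels in compiler-flag variables while the README hunks of this same patch tell users to pass -D definitions through CPPFLAGS. Consider splitting the substitution into a preprocessor part that goes into AM_CPPFLAGS and a compiler part (-fstack-protector) that stays in AM_CFLAGS/AM_CXXFLAGS. With the current placement a -U_FORTIFY_SOURCE in the user's CPPFLAGS is overridden by the later AM_CFLAGS, whereas the same option in CFLAGS or CXXFLAGS wins because automake puts those after the AM_ variables; the README should say which of the two is the supported way to opt out.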
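
Review bot: The new README section "4) Configure GCC hardening options" does not say that setting OSAF_HARDEN_FLAGS replaces the defaults completely and skips the optimization check in configure.ac, so the example value with -D_FORTIFY_SOURCE=2 is passed to GCC unchanged even when CFLAGS or CXXFLAGS contain -O0. Add a sentence stating that the caller is then responsible for only requesting _FORTIFY_SOURCE in optimized builds. The wording should also be made consistent: the commit message calls OSAF_HARDEN_FLAGS an environment variable, while this section shows it as an argument to ./configure.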
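
Review bot: In the configure.ac hunk at @@ -545,6 +545,22 @@, the guard 'test -z "$OSAF_HARDEN_FLAGS"' cannot tell an unset variable from one explicitly set to the empty string, so "./configure OSAF_HARDEN_FLAGS=" still gets the default flags and there is no way to switch hardening off through this variable. Testing "${OSAF_HARDEN_FLAGS+set}" instead would honour an empty value, and declaring the variable with AC_ARG_VAR would document it in "./configure --help". The optimization checks 'grep -q -- -O' and 'grep -q -- -O0' are substring matches over the whole flag string: the first also matches unrelated options that merely contain "-O" (for example -Wl,-O1), and the second disables _FORTIFY_SOURCE for CFLAGS="-O0 -O2" although GCC uses the last -O level. Matching whole words and evaluating the last -O option per variable would be more precise.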