1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
On Hardened we add or remove some options like -fstack-check,
-fstack-protector-all, -fstrict_overflow and -z now
--- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100
+++ b/libgcc/Makefile.in 2011-12-25 15:18:22.449610631 +0100
@@ -225,7 +225,7 @@ endif
LIBGCC2_DEBUG_CFLAGS = -g
LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \
$(LIBGCC2_DEBUG_CFLAGS) -DIN_LIBGCC2 \
- -fbuilding-libgcc -fno-stack-protector \
+ -fbuilding-libgcc -fno-stack-protector -fstack-check=no \
$(INHIBIT_LIBC_CFLAGS)
# Additional options to use when compiling libgcc2.a.
@@ -279,7 +290,7 @@ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CF
-finhibit-size-directive -fno-inline -fno-exceptions \
-fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
-fbuilding-libgcc -fno-stack-protector $(FORCE_EXPLICIT_EH_REGISTRY) \
- $(INHIBIT_LIBC_CFLAGS)
+ -fstack-check=no $(INHIBIT_LIBC_CFLAGS)
# Extra flags to use when compiling crt{begin,end}.o.
CRTSTUFF_T_CFLAGS =
--- a/gcc/defaults.h 2016-01-04 15:30:50.000000000 +0100
+++ b/gcc/defaults.h 2016-05-02 22:23:43.815707806 +0200
@@ -1398,8 +1398,12 @@ see the files COPYING3 and COPYING.RUNTI
/* Default value for flag_stack_protect when flag_stack_protect is initialized to -1:
--enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong.
--disable-default-ssp: Default flag_stack_protect to 0.
+ Hardened: Default flag_stack_protect to -fstack-protector-all.
*/
#ifdef ENABLE_DEFAULT_SSP
+# ifdef EXTRA_OPTIONS
+# define DEFAULT_FLAG_SSP 2
+# endif
# ifndef DEFAULT_FLAG_SSP
# define DEFAULT_FLAG_SSP 3
# endif
--- a/gcc/gcc.c 2016-02-19 23:18:38.000000000 +0100
+++ b/gcc/gcc.c 2016-05-02 22:56:10.185721270 +0200
@@ -868,6 +868,13 @@ proper position among the other output f
#endif
#endif
+#define STACK_CHECK_SPEC ""
+#ifdef EXTRA_OPTIONS
+#define LINK_NOW_SPEC "%{!nonow:-z now} "
+#else
+#define LINK_NOW_SPEC ""
+#endif
+
#ifdef ENABLE_DEFAULT_PIE
#define NO_PIE_SPEC "no-pie|static"
#define PIE_SPEC NO_PIE_SPEC "|r|shared:;"
@@ -1013,7 +1020,7 @@ proper position among the other output f
%(linker) " \
LINK_PLUGIN_SPEC \
"%{flto|flto=*:%<fcompare-debug*} \
- %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
+ %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC LINK_NOW_SPEC \
"%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
"%X %{o*} %{e*} %{N} %{n} %{r}\
%{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
@@ -1052,7 +1059,11 @@ proper position among the other output f
static const char *asm_debug = ASM_DEBUG_SPEC;
static const char *cpp_spec = CPP_SPEC;
+#ifdef EXTRA_OPTIONS
+static const char *cc1_spec = CC1_SPEC STACK_CHECK_SPEC;
+#else
static const char *cc1_spec = CC1_SPEC;
+#endif
static const char *cc1plus_spec = CC1PLUS_SPEC;
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
static const char *link_ssp_spec = LINK_SSP_SPEC;
--- a/gcc/opts.c 2016-03-17 16:11:35.000000000 +0100
+++ b/gcc/opts.c 2016-04-27 16:48:59.952580580 +0200
@@ -495,7 +495,9 @@ static const struct default_options defa
{ OPT_LEVELS_2_PLUS, OPT_fschedule_insns2, NULL, 1 },
#endif
{ OPT_LEVELS_2_PLUS, OPT_fstrict_aliasing, NULL, 1 },
+#ifndef EXTRA_OPTIONS
{ OPT_LEVELS_2_PLUS, OPT_fstrict_overflow, NULL, 1 },
+#endif
{ OPT_LEVELS_2_PLUS_SPEED_ONLY, OPT_freorder_blocks_algorithm_, NULL,
REORDER_BLOCKS_ALGORITHM_STC },
{ OPT_LEVELS_2_PLUS, OPT_freorder_functions, NULL, 1 },
|