diff options
author | Mike Frysinger <vapier@gentoo.org> | 2015-10-19 13:07:28 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-10-19 15:36:48 -0400 |
commit | 6ab674ebff5e60c62b126d0ac2e774e581916afe (patch) | |
tree | 72e72448b982e3715630f091e3be4612244f6589 /nscd | |
parent | cf6d542db3dfe26402b6adaa740a578b54767f65 (diff) | |
download | glibc-6ab674ebff5e60c62b126d0ac2e774e581916afe.tar.gz |
use -fstack-protector-strong when available
With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage. Update the places in glibc that use ssp to use this flag
when it's available.
This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean. Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
make stack-protector=-fstack-protector-all
Diffstat (limited to 'nscd')
-rw-r--r-- | nscd/Makefile | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/nscd/Makefile b/nscd/Makefile index ede941d1b2..e1a1aa92fc 100644 --- a/nscd/Makefile +++ b/nscd/Makefile @@ -84,9 +84,7 @@ CPPFLAGS-nscd += -D_FORTIFY_SOURCE=2 ifeq (yesyes,$(have-fpie)$(build-shared)) CFLAGS-nscd += $(pie-ccflag) endif -ifeq (yes,$(have-ssp)) -CFLAGS-nscd += -fstack-protector -endif +CFLAGS-nscd += $(stack-protector) ifeq (yesyes,$(have-fpie)$(build-shared)) LDFLAGS-nscd = -Wl,-z,now |