compiler: -fexceptions hardening

This hardens multi-threaded C. Without it, the implementation of thread cancellation handlers (introduced by pthread_cleanup_push) uses a completely unprotected function pointer on the stack. This function pointer can simplify the exploitation of stack-based buffer overflows even if the thread in question is never canceled. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -fexceptions hardening
e74d1fd9 · Christian Brauner · a40093c6 · e74d1fd9
Unverified Commit e74d1fd9 authored Mar 11, 2019 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

configure.ac configure.ac +1 -0

No files found.
--- a/configure.ac
+++ b/configure.ac
@@ -721,6 +721,7 @@ AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror])

 AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
 AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])