configure.ac: Added --disable-hardening command line option.

This option may be used to disable harding options (enabled by default).

diff --git a/configure.ac b/configure.ac
index e0fd5dbcab30485e671c6c022012d05ac7e884fc..d3f05aa19de3257758a82d1e5d2a76f497069da9 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,36 @@ if test "x$enable_standards" = "xyes"; then
        done
 fi
 
+dnl Hardening (see e.g. http://wiki.debian.org/Hardening for a motivation).
+AC_DEFINE([_FORTIFY_SOURCE], 2,
+               [Define to enable protection against static sized buffer overflows.])
+AC_ARG_ENABLE([hardening],
+               AS_HELP_STRING([--disable-hardening],
+                               [Disable hardening options]),
+               [enable_hardening="$enableval"],
+               [enable_hardening="yes"])
+
+if test "x$enable_hardening" = "xyes"; then
+       hardening=0
+       hardening_tests=0
+       for flag in -Wformat -Wformat-security; do
+               hardening_tests=$(($hardening_tests + 1))
+               AC_MSG_CHECKING([whether $CC accepts $flag])
+
+               if test_cc_flags $flag; then
+                       CFLAGS="$CFLAGS $flag"
+                       hardening=$(($hardening + 1))
+                       AC_MSG_RESULT([yes])
+               else
+                       AC_MSG_RESULT([no])
+               fi
+       done
+       if test $hardening -ne $hardening_tests; then
+               AC_MSG_WARN(
+                               [Some hardening options are not supported by your compiler!])
+       fi
+fi
+
 for flag in -Wall -Wextra -Werror; do
        AC_MSG_CHECKING([whether $CC accepts $flag])