This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[PATCH 8/12 ] New configure option --enable-espf=(all|ssp|pie|no)


Patch: gcc_doc.patch
Add notes to the command line options and info about the new configure option.

Gentoo Hardened Project
Magnus Granberg
--- a/gcc/doc/invoke.texi	2012-03-01 10:57:59.000000000 +0100
+++ b/gcc/doc/invoke.texi	2012-07-30 00:57:03.766847851 +0200
@@ -3216,6 +3216,10 @@ aspects of format checking, the options
 @option{-Wformat-nonliteral}, @option{-Wformat-security}, and
 @option{-Wformat=2} are available, but are not included in @option{-Wall}.
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}is 
+this option enabled by default for C, C++, ObjC, ObjC++.
+To disable, use @option{-Wformat=0}.
+
 @item -Wformat-y2k
 @opindex Wformat-y2k
 @opindex Wno-format-y2k
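
Review bot: The first added line ends in `@r{]}is` with no space before "is" (plus trailing whitespace), and the verb is inverted, so the sentence reads as a question ("is this option enabled by default"). Suggest "With configure @option{--enable-espf=...}, this option is enabled by default for C, C++, ObjC, ObjC++.", with the configure flag wrapped in @option like the other options in the surrounding context.
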
@@ -3269,6 +3273,12 @@ currently a subset of what @option{-Wfor
 in future warnings may be added to @option{-Wformat-security} that are not
 included in @option{-Wformat-nonliteral}.)
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]} is
+this option enabled by default for C, C++, ObjC, ObjC++.  To disable,
+use @option{-Wno-format-security}, or disable all format warnings
+with @option{-Wformat=0}.  To make format security warnings fatal,
+specify @option{-Werror=format-security}.
+
 @item -Wformat=2
 @opindex Wformat=2
 @opindex Wno-format=2
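
Review bot: The added note has the same inverted wording as the one in the previous hunk ("is this option enabled by default") and leaves `--enable-espf` outside @option. Since the note is nearly a copy of the -Wformat one, the two should be fixed together and kept word-for-word consistent in how they name the configure values, so that a later change to the accepted list does not leave them out of sync.
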
@@ -6229,6 +6239,13 @@ also turns on the following optimization
 Please note the warning under @option{-fgcse} about
 invoking @option{-O2} on programs that use computed gotos.
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]},
+@option{-D_FORTIFY_SOURCE=2} is set by default, and is activated 
+when @option{-O} is set to 2 or higher. This enables additional 
+compile-time and run-time checks for several libc functions.
+To disable, specify either @option{-U_FORTIFY_SOURCE} or
+@option{-D_FORTIFY_SOURCE=0}.
+
 @item -O3
 @opindex O3
 Optimize yet more.  @option{-O3} turns on all optimizations specified
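
Review bot: The note says -D_FORTIFY_SOURCE=2 "is set by default, and is activated when -O is set to 2 or higher", which leaves it unclear whether the macro is defined at -O1 and -Os and merely inert, or not defined at all below -O2; the install.texi text in this same patch states it is on by default with no optimization condition. Please state the exact rule once and make both places agree. The lines ending in "activated " and "additional " also carry trailing whitespace, and a note about a preprocessor define is easy to miss under the -O2 item, so a cross-reference from the preprocessor options would help.
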
@@ -8475,6 +8492,12 @@ functions with buffers larger than 8 byt
 when a function is entered and then checked when the function exits.
 If a guard check fails, an error message is printed and the program exits.
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option
+is enabled by default for C, C++, ObjC, ObjC++, if none of 
+@option{-fno-stack-protector}, @option{-nostdlib}, 
+@option{-fno-stack-protector-all}, @option{nodefaultlibs}, 
+nor @option{-ffreestanding} are found.
+
 @item -fstack-protector-all
 @opindex fstack-protector-all
 Like @option{-fstack-protector} except that all functions are protected.
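
Review bot: In the list of options that suppress the default, `@option{nodefaultlibs}` is missing its leading dash (the -pie hunks write `@option{-nodefaultlibs}`), and `-fno-stack-protector-all` is listed here under the -fstack-protector item without the note saying what the default is for -fstack-protector-all itself. Also "if none of ..., nor ... are found" should be "if none of ... or ... is given", and three of the added lines end in trailing whitespace.
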
@@ -9457,6 +9480,12 @@ For predictable results, you must also s
 that were used to generate code (@option{-fpie}, @option{-fPIE},
 or model suboptions) when you specify this option.
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}pie@r{]} this option is
+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
+@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
+@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
+@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
+
 @item -rdynamic
 @opindex rdynamic
 Pass the flag @option{-export-dynamic} to the ELF linker, on targets
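
Review bot: The last entry of the suppressing list is written `@option{static}` without the leading dash, so it does not match the real option name; it should be `@option{-static}`. The list mixes code-generation options (-fPIC, -fno-pie, ...) with link options (-shared, -nostartfiles, ...) under what the context shows is a link-time item, so the note should say that any one of them on the command line turns the default off, and "none of ... nor ... are found" should be reworded as in the stack-protector note.
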
@@ -19125,6 +19154,12 @@ used during linking.
 @code{__pie__} and @code{__PIE__}.  The macros have the value 1
 for @option{-fpie} and 2 for @option{-fPIE}.
 
+NOTE: With configure --enable-espf=@r{[}all@r{|}pie@r{]} this option is
+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
+@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
+@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
+@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
+
 @item -fno-jump-tables
 @opindex fno-jump-tables
 Do not use jump tables for switch statements even where it would be
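
Review bot: This paragraph is a verbatim copy of the note in the previous hunk, including the `@option{static}` entry that lacks its dash, and "this option" is ambiguous here: the context line directly above distinguishes -fpie (macro value 1) from -fPIE (value 2), but the note does not say which of the two is enabled. The install.texi text in this patch names -fPIE, so the note should say so explicitly.
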
--- a/gcc/doc/install.texi	2012-03-02 10:37:30.000000000 +0100
+++ b/gcc/doc/install.texi	2012-07-23 18:05:14.160784593 +0200
@@ -1392,6 +1392,18 @@ do a @samp{make -C gcc gnatlib_and_tools
 Specify that the run-time libraries for stack smashing protection
 should not be built.
 
+@item --enable-espf=@var{list}
+Will turn on some compiler and preprosessor options as default.
+@option{-D_FORTIFY_SOURCE=2}, @option{-Wformat} and 
+@option{-Wformat-security} will be turn on as default and depend on
+if you use @samp{all} it will turn on @option{-fstack-protection}and
+@option{-fPIE} and @option{-pie} by default. if the support is there. If you
+use @samp{ssp} it will turn on @option{-fstack-protection} by default if the
+support is there. If you use @samp{pie} it will turn on @option{-fPIE} and
+@option{-pie} by default if the support is there. If you use @samp{no} it will
+not turn on any options. We only support i?86*-*-linux* and
+x86_64*-*-linux* as target for now.
+
 @item --disable-libquadmath
 Specify that the GCC quad-precision math library should not be built.
 On some systems, the library is required to be linkable when building
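
Review bot: The new item names the option `-fstack-protection` twice, but the option documented in the invoke.texi part of this patch is `-fstack-protector`; as written the install manual points users at a flag name that the rest of the patch never uses. The paragraph also needs a language pass before it can go in: "preprosessor", "will be turn on", "and depend on if you use", the missing space in `@option{-fstack-protection}and`, and the stray period in "by default. if the support is there". Suggest restructuring it as a short @table of the four values (all, ssp, pie, no), each listing exactly what it enables, followed by the sentence on supported targets.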
