build: Add GCC stack-protector/SSP to default flag set * configure.ac: Add GCC SSP / -fstack-protector-strong to default flag set, when available, as part of defence in depth. At least some distros already use SSP by default and it can detect buffer overflows above a certain size.

commit: 40fc3dda2b7a345e447d2ef355108c987e59ed13 [log] [tgz]
author: Paul Jakma <paul.jakma@hpe.com> Tue Oct 11 16:00:27 2016 +0100
committer: Paul Jakma <paul@quagga.net> Mon Jan 23 18:51:58 2017 +0000
tree: 23e8600b8bf389d1766cd2461f0ee26cd6616215
parent: 867946bb8802c02049bf68a4e97843d777cbcb68 [diff] [blame]
diff --git a/configure.ac b/configure.ac
index deb48eb..1331dee 100755
--- a/configure.ac
+++ b/configure.ac

@@ -150,6 +150,7 @@
         AC_C_FLAG([-Os], [
           AC_C_FLAG([-O2])
         ])
+        AC_C_FLAG([-fstack-protector-strong])
         AC_C_FLAG([-fpie])
         AC_C_FLAG([-fno-omit-frame-pointer])
         AC_C_FLAG([-Wall])
commit	40fc3dda2b7a345e447d2ef355108c987e59ed13	[log] [tgz]
author	Paul Jakma <paul.jakma@hpe.com>	Tue Oct 11 16:00:27 2016 +0100
committer	Paul Jakma <paul@quagga.net>	Mon Jan 23 18:51:58 2017 +0000
tree	23e8600b8bf389d1766cd2461f0ee26cd6616215
parent	867946bb8802c02049bf68a4e97843d777cbcb68 [diff] [blame]