From a908793d8c816ba8e08950f7407de2ea9d144800 Mon Sep 17 00:00:00 2001
Message-Id: <a908793d8c816ba8e08950f7407de2ea9d144800.1622734184.git.dcaratti@redhat.com>
From: dddaniel <d.danzberger@ddf-software.de>
Date: Fri, 23 Apr 2021 23:19:23 +0200
Subject: [PATCH] configure: add --disable-stack-protection option (#125)

Enabling -D_FORTIFY_SOURCE=* and -fstack-protector-* by default may
override global (build) system settings, causing redefinition errors at
compile time.
---
 configure.ac | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3d6a2f0..4be1b81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -255,24 +255,37 @@ AX_APPEND_COMPILE_FLAGS([-Wextra -Werror -pedantic])
 # ---------------------------------------------------------------
 # Enable compile-time defense
 # ---------------------------------------------------------------
-# Fortify source
-# Enabling optimization implies _FORTIFY_SOURCE on some platforms.
-# Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
-# desired fortification level.
-AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
-AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
+
+AC_ARG_ENABLE(stack-protection,
+	[AS_HELP_STRING([--disable-stack-protection],
+		[Disable compiler stack protection.
+		FORTIFY_SOURCE=2 and -fstack-protector-strong]
+	)],
+	[],
+	[enable_stack_protection=yes])
+
+AS_IF([test "x$enable_stack_protection" = "xyes"],
+	[
+	# Fortify source
+	# Enabling optimization implies _FORTIFY_SOURCE on some platforms.
+	# Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
+	# desired fortification level.
+	AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
+	AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
+
+	# Stack-based buffer overrun detection
+	MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
+	                        [# GCC < 4.9
+	                         MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
+	                        ])
+	],[]
+	)
 
 # Format string vulnerabilities
 # -Wformat=2 implies:
 #    -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
 AX_APPEND_COMPILE_FLAGS([-Wformat=2])
 
-# Stack-based buffer overrun detection
-MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
-                        [# GCC < 4.9
-                         MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
-                        ])
-
 # Position Independent Execution (PIE)
 AX_APPEND_COMPILE_FLAGS([-fPIE], [EXECUTABLE_CFLAGS])
 AC_SUBST([EXECUTABLE_CFLAGS])
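Review bot: The `AS_IF` test `"x$enable_stack_protection" = "xyes"` disables hardening for every value other than `yes`, so a value such as `--enable-stack-protection=strong` silently drops both `_FORTIFY_SOURCE=2` and `-fstack-protector-strong`; testing `!= "xno"` would keep the defaults unless the builder explicitly opts out. The else branch is `[]`, so nothing in the configure output records that the mitigations were turned off; `[AC_MSG_WARN([stack protector and _FORTIFY_SOURCE hardening disabled])]` there would make the choice visible in build logs. The option is named for stack protection but also removes `_FORTIFY_SOURCE`, whose checks are not limited to stack buffers, and the help string spells it `FORTIFY_SOURCE=2`; the `AS_HELP_STRING` text should state that both mitigations are affected and use the real macro name.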
-- 
2.31.1