pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Hardening: add -mbranch-protection=standard for arm64 that support it.

Browse Source 
e.g. raspberry pi 5, aws ec2 graviton2 and higher, etc.

This does the same as -fcf-protection on x64 (well, those that support it).
This commit is contained in:
Bram Matthys
2026-02-22 18:23:57 +01:00
parent 4d4a43984c
commit 5cc59192bc
2 changed files with 60 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configure.ac
+4 -1
View File
@@ -144,9 +144,12 @@ AS_IF([test x"$hardening" != x"no"], [
# Added in UnrealIRCd 5.0.5 (default on Ubuntu 19.10)
check_cc_flag([-fstack-clash-protection], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstack-clash-protection"])
# Control Flow Enforcement (ROP hardening) - requires CPU hardware support
# Control Flow Enforcement (ROP hardening) - requires CPU hardware support (x64)
check_cc_flag([-fcf-protection], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fcf-protection"])
# Similar to above but for arm64
check_cc_flag([-mbranch-protection=standard], [HARDEN_CFLAGS="$HARDEN_CFLAGS -mbranch-protection=standard"])
# Since we have moved from name[1] to name[], setting this should help bounds checking:
check_cc_flag([-fstrict-flex-arrays=3], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstrict-flex-arrays=3"])