From 8f06d3eeb6f69d44edcfaef8f1fd9cbe598f3cc9 Mon Sep 17 00:00:00 2001 From: Siddharth Sharma Date: Thu, 14 May 2015 18:31:09 +0000 Subject: [PATCH] Enable security hardening flags globally --- src/Makefile-env.am | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/Makefile-env.am b/src/Makefile-env.am index e9d0404f0f1..aded67a7209 100644 --- a/src/Makefile-env.am +++ b/src/Makefile-env.am @@ -51,6 +51,33 @@ endif ################################## ## automake environment +HARDENING_CFLAGS = \ + -O2 \ + -g \ + -pipe \ + -Wl,-z,relro \ + -Wall \ + -Wp,-D_FORTIFY_SOURCE=2 \ + -fexceptions \ + --param=ssp-buffer-size=4 \ + -grecord-gcc-switches \ + -fPIE + +SET_STACK_PROTECTOR_STRONG = $(shell expr `gcc -dumpversion` \>= 4.9) + + ifeq ($(SET_STACK_PROTECTOR_STRONG),1) + HARDENING_CFLAGS += -fstack-protector-strong + else + HARDENING_CFLAGS += -fstack-protector + endif + + +HARDENING_LDFLAGS = \ + -pie \ + -Wl,-z,relro \ + -Wl,-z,now + + AM_COMMON_CPPFLAGS = \ -D__CEPH__ \ -D_FILE_OFFSET_BITS=64 \ @@ -75,14 +102,14 @@ if !CLANG AM_COMMON_CFLAGS += -rdynamic endif -AM_CFLAGS = $(AM_COMMON_CFLAGS) +AM_CFLAGS = $(AM_COMMON_CFLAGS) $(HARDENING_CFLAGS) AM_CPPFLAGS = $(AM_COMMON_CPPFLAGS) AM_CXXFLAGS = \ @AM_CXXFLAGS@ \ $(AM_COMMON_CFLAGS) \ -ftemplate-depth-1024 \ -Wnon-virtual-dtor \ - -Wno-invalid-offsetof + -Wno-invalid-offsetof $(HARDENING_CFLAGS) if !CLANG AM_CXXFLAGS += -Wstrict-null-sentinel endif @@ -97,7 +124,7 @@ endif # http://sigquit.wordpress.com/2011/02/16/why-asneeded-doesnt-work-as-expected-for-your-libraries-on-your-autotools-project/ AM_LDFLAGS = if LINUX -AM_LDFLAGS += -Wl,--as-needed +AM_LDFLAGS += -Wl,--as-needed $(HARDENING_LDFLAGS) endif if USE_BOOST_SPIRIT_OLD_HDR