src/CMakeLists.txt
Show First 20 Lines • Show All 55 Lines • ▼ Show 20 Lines | if(ENABLE_HARDENING) | ||||
# CMake provides the POSITION_INDEPENDENT_CODE property to set PIC/PIE. | # CMake provides the POSITION_INDEPENDENT_CODE property to set PIC/PIE. | ||||
# Unfortunately setting the -pie linker flag this way require CMake >= 3.14, | # Unfortunately setting the -pie linker flag this way require CMake >= 3.14, | ||||
# which is not widely distributed at the time of writing. | # which is not widely distributed at the time of writing. | ||||
# FIXME: use the POSITION_INDEPENDENT_CODE property instead | # FIXME: use the POSITION_INDEPENDENT_CODE property instead | ||||
if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows") | if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Windows") | ||||
add_compiler_flag(-fPIE) | add_compiler_flag(-fPIE) | ||||
add_linker_flag(-pie) | add_linker_flag(-pie) | ||||
endif() | endif() | ||||
# Enable stack protection | |||||
add_cxx_compiler_flag(-fstack-protector-all -Wstack-protector) | |||||
deadalnix: Why only C++ ? | |||||
FabienAuthorUnsubmitted Done Inline ActionsThis is what autotools do, but I agree this is weird. I can include C if you are comfortable with it. Fabien: This is what autotools do, but I agree this is weird. I can include C if you are comfortable… | |||||
# Enable some buffer overflow checking | |||||
add_compiler_flag(-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2) | |||||
# Make the relocated sections read-only | |||||
add_linker_flag(-Wl,-z,relro -Wl,-z,now) | |||||
# Enable ASLR (these flags are primarily targeting MinGw) | |||||
add_linker_flag(-Wl,--dynamicbase -Wl,--nxcompat -Wl,--high-entropy-va) | |||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Windows") | |||||
deadalnixUnsubmitted Not Done Inline ActionsYou are testing for this twice. deadalnix: You are testing for this twice. | |||||
# MinGw provides its own libssp for stack smashing protection | |||||
add_linker_flag(-lssp) | |||||
deadalnixUnsubmitted Not Done Inline ActionsNo. You add a dependency to the library the proper way. deadalnix: No. You add a dependency to the library the proper way. | |||||
endif() | |||||
endif() | endif() | ||||
# Enable warning | # Enable warning | ||||
add_c_compiler_flag(-Wnested-externs -Wstrict-prototypes) | add_c_compiler_flag(-Wnested-externs -Wstrict-prototypes) | ||||
add_compiler_flag( | add_compiler_flag( | ||||
-Wall | -Wall | ||||
-Wextra | -Wextra | ||||
-Wformat | -Wformat | ||||
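Review bot: `-D_FORTIFY_SOURCE=2` on the `add_compiler_flag(-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)` line only activates the fortified libc wrappers when the compiler is also optimizing, so a hardening-enabled build at `-O0` (a typical Debug configuration) gets no buffer-overflow checks, and recent glibc versions warn about that combination. I would say so next to the flag, e.g. `# Only effective with optimization (-O1 or higher); -O0 builds get no fortify checks`, or apply the define only to optimized configurations. Separately, the `-z,relro`/`-z,now` flags and the `--dynamicbase`/`--nxcompat`/`--high-entropy-va` flags are each specific to one object format, yet both sets are added on every platform. If `add_linker_flag` (defined outside this view) silently skips flags the linker rejects, an `ENABLE_HARDENING` build can lose a mitigation without any message, so a status line listing the hardening flags actually applied would make the result auditable. The enclosing `if(ENABLE_HARDENING)` block starts above the visible lines.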
Why only C++ ?