diff options
| author | Simon Rettberg | 2019-09-07 22:54:34 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2019-09-07 22:54:34 +0200 |
| commit | 23f03fe7349275f6ddb07a791623257f68da408e (patch) | |
| tree | 6ae681c821d9d68ef1be3721eb792b16744d7b30 | |
| parent | [SERVER] Fix warning on clang (diff) | |
| download | dnbd3-23f03fe7349275f6ddb07a791623257f68da408e.tar.gz dnbd3-23f03fe7349275f6ddb07a791623257f68da408e.tar.xz dnbd3-23f03fe7349275f6ddb07a791623257f68da408e.zip | |
cmake: Add some flags that enable exploit mitigation techniques
| -rw-r--r-- | CMakeLists.txt | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 0141b05..26d4d38 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,19 +33,21 @@ ELSE() OPTION(BUILD_KERNEL_MODULE "Build the dnbd3 Linux kernel module" ON) ENDIF() +# Common for gcc and clang +SET(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro,-z,now -pie") +SET(CMAKE_C_FLAGS "-fPIE -std=c11 -fstack-protector -Wno-multichar -fno-strict-aliasing -D_GNU_SOURCE ${EXTRA_C_FLAGS}") if(CMAKE_C_COMPILER MATCHES "clang") message( "Using clang flags." ) - SET(CMAKE_C_FLAGS_DEBUG "-std=c11 -O1 -fno-omit-frame-pointer -g -Wall -Wextra -Wpedantic -Wno-unused-result -D_GNU_SOURCE -D_DEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}") - SET(CMAKE_C_FLAGS_RELEASE "-std=c11 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}") + SET(CMAKE_C_FLAGS_DEBUG " -O1 -fno-omit-frame-pointer -g -Wall -Wextra -Wpedantic -Wno-unused-result -D_DEBUG") + SET(CMAKE_C_FLAGS_RELEASE " -O3 -Wno-unused-result -DNDEBUG") elseif (CMAKE_C_COMPILER MATCHES "(cc-)|(cc$)") message( "Using (g)cc flags." ) - SET(CMAKE_C_FLAGS_DEBUG "-std=c11 -O0 -g -Wall -Wextra -Wpedantic -Wconversion -Wno-sign-conversion -D_GNU_SOURCE -D_DEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}") - SET(CMAKE_C_FLAGS_RELEASE "-std=c11 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -mmitigate-rop") + SET(CMAKE_C_FLAGS_DEBUG " -O0 -g -Wall -Wextra -Wpedantic -Wconversion -Wno-sign-conversion -D_DEBUG") + SET(CMAKE_C_FLAGS_RELEASE " -O3 -Wno-unused-result -DNDEBUG") else() message( FATAL_ERROR "Could not determine compiler type." ) endif() -#SET(CMAKE_CXX_FLAGS_DEBUG "-std=c99 -O0 -g -Wall -Wno-unused-result -D_GNU_SOURCE -D_DEBUG") -#SET(CMAKE_CXX_FLAGS_RELEASE "-std=c99 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG" ) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/") |