From 23f03fe7349275f6ddb07a791623257f68da408e Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sat, 7 Sep 2019 22:54:34 +0200
Subject: cmake: Add some flags that enable exploit mitigation techniques

---
 CMakeLists.txt | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'CMakeLists.txt')

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0141b05..26d4d38 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -33,19 +33,21 @@ ELSE()
 	OPTION(BUILD_KERNEL_MODULE "Build the dnbd3 Linux kernel module" ON)
 ENDIF()
 
+# Common for gcc and clang
+SET(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro,-z,now -pie")
+SET(CMAKE_C_FLAGS "-fPIE -std=c11 -fstack-protector -Wno-multichar -fno-strict-aliasing -D_GNU_SOURCE ${EXTRA_C_FLAGS}")
 if(CMAKE_C_COMPILER MATCHES "clang")
 	message( "Using clang flags." )
-	SET(CMAKE_C_FLAGS_DEBUG "-std=c11 -O1 -fno-omit-frame-pointer -g -Wall -Wextra -Wpedantic -Wno-unused-result -D_GNU_SOURCE -D_DEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}")
-	SET(CMAKE_C_FLAGS_RELEASE "-std=c11 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}")
+	SET(CMAKE_C_FLAGS_DEBUG " -O1 -fno-omit-frame-pointer -g -Wall -Wextra -Wpedantic -Wno-unused-result -D_DEBUG")
+	SET(CMAKE_C_FLAGS_RELEASE " -O3 -Wno-unused-result -DNDEBUG")
 elseif (CMAKE_C_COMPILER MATCHES "(cc-)|(cc$)")
 	message( "Using (g)cc flags." )
-	SET(CMAKE_C_FLAGS_DEBUG "-std=c11 -O0 -g -Wall -Wextra -Wpedantic -Wconversion -Wno-sign-conversion -D_GNU_SOURCE -D_DEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}")
-	SET(CMAKE_C_FLAGS_RELEASE "-std=c11 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG -Wno-multichar -fno-strict-aliasing ${EXTRA_C_FLAGS}")
+	SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -mmitigate-rop")
+	SET(CMAKE_C_FLAGS_DEBUG " -O0 -g -Wall -Wextra -Wpedantic -Wconversion -Wno-sign-conversion -D_DEBUG")
+	SET(CMAKE_C_FLAGS_RELEASE " -O3 -Wno-unused-result -DNDEBUG")
 else()
 	message( FATAL_ERROR "Could not determine compiler type." )
 endif()
-#SET(CMAKE_CXX_FLAGS_DEBUG "-std=c99 -O0 -g -Wall -Wno-unused-result -D_GNU_SOURCE -D_DEBUG")
-#SET(CMAKE_CXX_FLAGS_RELEASE "-std=c99 -O2 -Wno-unused-result -D_GNU_SOURCE -DNDEBUG" )
 
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")
 
-- 
cgit v1.2.3-55-g7522