forked from ak-fortuna/fortuna
harden executable
* fortify source * link with "-pie" * split stack * set stack-protector to all
This commit is contained in:
parent
0c2a1c6744
commit
b15e1e9a55
@ -82,9 +82,9 @@ add_subdirectory(lib/fmt EXCLUDE_FROM_ALL)
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-DNDEBUG")
|
||||
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-fstack-protector-strong")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-fstack-protector-strong")
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-fstack-protector-all")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-all")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-fstack-protector-all")
|
||||
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-funwind-tables")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -funwind-tables")
|
||||
@ -93,12 +93,21 @@ add_subdirectory(lib/fmt EXCLUDE_FROM_ALL)
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-fasynchronous-unwind-tables")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fasynchronous-unwind-tables")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-fasynchronous-unwind-tables")
|
||||
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-Wp,-D_FORTIFY_SOURCE=2")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wp,-D_FORTIFY_SOURCE=2")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-Wp,-D_FORTIFY_SOURCE=2")
|
||||
endif(CMAKE_BUILD_TYPE MATCHES "Release")
|
||||
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsplit-stack")
|
||||
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=x86-64 -mtune=generic -pipe -fno-plt")
|
||||
if(NOT CMAKE_CXX_FLAGS MATCHES "-fPIC")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
|
||||
endif(NOT CMAKE_CXX_FLAGS MATCHES "-fPIC")
|
||||
|
||||
set(LDFLAGS "${LDFLAGS} -Wl,-O1,–sort-common,–as-needed,-z,relro,-z,now,-pic")
|
||||
|
||||
# inspired by https://medium.com/@alasher/colored-c-compiler-output-with-ninja-clang-gcc-10bfe7f2b949
|
||||
option (COLORS_FOREVER "Always produce ANSI-colored output (GNU/Clang only)." TRUE)
|
||||
if (${COLORS_FOREVER})
|
||||
@ -112,6 +121,7 @@ add_subdirectory(lib/fmt EXCLUDE_FROM_ALL)
|
||||
|
||||
message(STATUS "Compiler ID: ${CMAKE_CXX_COMPILER_ID}")
|
||||
message(STATUS "CMAKE_CXX_FLAGS: ${CMAKE_CXX_FLAGS}")
|
||||
message(STATUS "LDFLAGS: ${LDFLAGS}")
|
||||
|
||||
find_program(LLD lld)
|
||||
if(LLD)
|
||||
|
Loading…
Reference in New Issue
Block a user