daemons: use PIE and RELRO compiler/linker options

The PIE and RELRO compiler/linker options can be used to produce a code
some techniques applied that makes the code more immune to some attacks:

  - PIE (Position Independent Executable). It can make use of the ASLR
    (Address Space Layout Randomization) provided by kernel to avoid
    static locations for .text regions of executables (this is the 'pie'
    compiler and linker option)

  - RELRO (Relocation Read-Only). This prevents overwrite attacks of
    the GOT (Global Offset Table) and PLT (Procedure Lookup Table)
    used for relocations by making it read-only after all relocations
    are resolved (these are the 'relro' and 'now' linker options) -
    hence all symbols are resolved at the very start so there's no
    need for those tables to be writeable later.

These compiler/linker options are now used by default for daemons
if the compiler/linker supports it.

1 files changed, 9 insertions, 0 deletions

diff --git a/make.tmpl.in b/make.tmpl.in
index 944be9b68..5f72182b7 100644
--- a/make.tmpl.in
+++ b/make.tmpl.in
@@ -150,6 +150,15 @@ WFLAGS += -Wclobbered -Wempty-body -Wignored-qualifiers \
  -Wtype-limits -Wsync-nand -Wlogical-op
 endif
 
+ifneq ("@STATIC_LINK@", "yes")
+ifeq ("@HAVE_PIE@", "yes")
+ifeq ("@HAVE_FULL_RELRO@", "yes")
+  DAEMON_CFLAGS += -fPIE -DPIE
+  DAEMON_LDFLAGS += -Wl,-z,relro,-z,now -pie
+endif
+endif
+endif
+
 #WFLAGS += -W -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers
 #WFLAGS += -Wsign-compare -Wunused-parameter -Wmissing-field-initializers 
 #WFLAGS += -Wconversion -Wbad-function-cast -Wcast-qual -Waggregate-return -Wpacked