diff options
author | Sergei Golubchik <serg@mariadb.org> | 2014-06-16 21:39:09 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2014-06-26 11:54:13 +0200 |
commit | da4f8269bf5919f7a48739dbe5460fe22a768967 (patch) | |
tree | fa6bca718db34ef02f1d8ecaaf7aedd8e38575b8 | |
parent | 6c0e3ef4503c6121f7d5b6b07dcd2ee035e26032 (diff) | |
download | mariadb-git-da4f8269bf5919f7a48739dbe5460fe22a768967.tar.gz |
MDEV-5730 enhance security using special compilation options
-Wl,-z,relro,-z,now
-pie
-fstack-protector --param=ssp-buffer-size=4
-D_FORTIFY_SOURCE=2
-rw-r--r-- | CMakeLists.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index a5f2dc2a3ad..bc1193c441a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -199,6 +199,20 @@ IF (WITH_ASAN) ENDIF() ENDIF() +OPTION(SECURITY_HARDENED "Use security-enhancing compiler features (stack protector, relro, etc)" ON) +IF(SECURITY_HARDENED) + # security-enhancing flags + MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC") + MY_CHECK_AND_SET_COMPILER_FLAG("-Wl,-z,relro,-z,now") + MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4") + + # sometimes _FORTIFY_SOURCE is predefined + INCLUDE(CheckSymbolExists) + CHECK_SYMBOL_EXISTS(_FORTIFY_SOURCE "" HAVE_FORTIFY_SOURCE) + IF(NOT HAVE_FORTIFY_SOURCE) + ADD_DEFINITIONS(-D_FORTIFY_SOURCE=2) + ENDIF() +ENDIF() OPTION(ENABLE_DEBUG_SYNC "Enable debug sync (debug builds only)" ON) IF(ENABLE_DEBUG_SYNC) |