author | Sergei Golubchik <serg@mariadb.org> | 2019-08-26 16:28:29 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-08-26 23:33:42 +0200 |
commit | 58bfe9da54fb548031367f529823f20cc6f22b70 (patch) | |
tree | 84d6b7d4f29e327a12e15a99502018a0b7392305 /CMakeLists.txt | |
parent | eb8f7005bdcf3ee3e2db2cc5bc8e9fde42122cef (diff) | |
download | mariadb-git-58bfe9da54fb548031367f529823f20cc6f22b70.tar.gz |
cleanup: SECURITY_HARDENED in CMakeLists.txt
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 31 |
1 files changed, 9 insertions, 22 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6f056e671d9..e6cd55b81ee 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -220,9 +220,6 @@ ENDIF()
 OPTION(WITH_TSAN "Enable thread sanitizer" OFF)
 IF (WITH_TSAN)
- IF(SECURITY_HARDENED)
- MESSAGE(FATAL_ERROR "WITH_TSAN and SECURITY_HARDENED are mutually exclusive")
- ENDIF()
 MY_CHECK_AND_SET_COMPILER_FLAG("-fsanitize=thread" DEBUG RELWITHDEBINFO)
 ENDIF()
@@ -236,25 +233,15 @@ IF (WITH_MSAN)
 MY_CHECK_AND_SET_COMPILER_FLAG("-fsanitize=memory -fsanitize-memory-track-origins -U_FORTIFY_SOURCE" DEBUG RELWITHDEBINFO)
 ENDIF()
-IF(NOT WITH_TSAN)
- # enable security hardening features, like most distributions do
- # in our benchmarks that costs about ~1% of performance, depending on the load
- IF(CMAKE_C_COMPILER_VERSION VERSION_LESS "4.6" OR WITH_ASAN OR WITH_UBSAN)
- SET(security_default OFF)
- ELSE()
- SET(security_default ON)
- ENDIF()
- OPTION(SECURITY_HARDENED "Use security-enhancing compiler features (stack protector, relro, etc)" ${security_default})
- IF(SECURITY_HARDENED)
- IF(WITH_ASAN OR WITH_UBSAN)
- MESSAGE(FATAL_ERROR "WITH_ASAN/WITH_UBSAN and SECURITY_HARDENED are mutually exclusive")
- ENDIF()
- # security-enhancing flags
- MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC")
- MY_CHECK_AND_SET_COMPILER_FLAG("-Wl,-z,relro,-z,now")
- MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4")
- MY_CHECK_AND_SET_COMPILER_FLAG("-D_FORTIFY_SOURCE=2" RELEASE RELWITHDEBINFO)
- ENDIF()
+# enable security hardening features, like most distributions do
+# in our benchmarks that costs about ~1% of performance, depending on the load
+OPTION(SECURITY_HARDENED "Use security-enhancing compiler features (stack protector, relro, etc)" ON)
+IF(SECURITY_HARDENED AND NOT WITH_ASAN AND NOT WITH_UBSAN AND NOT WITH_TSAN)
+ # security-enhancing flags
+ MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC")
+ MY_CHECK_AND_SET_COMPILER_FLAG("-Wl,-z,relro,-z,now")
+ MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4")
+ MY_CHECK_AND_SET_COMPILER_FLAG("-D_FORTIFY_SOURCE=2" RELEASE RELWITHDEBINFO)
 ENDIF()
 # Always enable debug sync for debug builds. |
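Review bot: The new `IF(SECURITY_HARDENED AND NOT WITH_ASAN AND NOT WITH_UBSAN AND NOT WITH_TSAN)` silently skips PIE, RELRO, the stack protector and _FORTIFY_SOURCE when a sanitizer is enabled, where the removed code stopped with FATAL_ERROR. The option itself still defaults to ON, so a configuration summary will presumably keep showing SECURITY_HARDENED=ON for a binary built without those flags. An `ELSEIF(SECURITY_HARDENED)` branch containing `MESSAGE(STATUS "SECURITY_HARDENED ignored: sanitizer build")` would keep the relaxed behaviour but make the skip visible in the configure log. Separately, WITH_MSAN is not in the exclusion list although the hunk's first context line passes `-U_FORTIFY_SOURCE` for MSAN; if the hardening flags are appended after it, `-D_FORTIFY_SOURCE=2` is defined again for RELWITHDEBINFO MSAN builds, so `AND NOT WITH_MSAN` probably belongs in the condition as well.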