summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-05-24 13:48:50 +0200
committerDaniel Borkmann <dborkman@redhat.com>2013-05-24 13:48:50 +0200
commit0548e971eeb7fc7ceffaa608f1ece638d6549ec1 (patch)
tree56029706a924e6d29904d62fd524f0da483cde49
parent37dd6912701cb16f6339af97216e159c3f9038ee (diff)
make: add HARDENING build option
Add HARDENING=1 build option and move all hardening-related GCC flags into this condition. This allows the user to choose whether or not he wants to have a hardened build with some possible performance tradeoff at load/runtime. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-rw-r--r--Makefile25
1 files changed, 17 insertions, 8 deletions
diff --git a/Makefile b/Makefile
index 2c7852a..b303f77 100644
--- a/Makefile
+++ b/Makefile
@@ -38,8 +38,8 @@ endif
# For packaging purposes, you might want to call your own:
# make CFLAGS="<flags>"
-CFLAGS_DEF = -fstack-protector-all -Wstack-protector
-CFLAGS_DEF += --param=ssp-buffer-size=4
+CFLAGS_DEF = -std=gnu99
+
ifeq ($(DEBUG), 1)
CFLAGS_DEF += -g
CFLAGS_DEF += -O2
@@ -47,21 +47,29 @@ else
CFLAGS_DEF += -march=native
CFLAGS_DEF += -mtune=native
CFLAGS_DEF += -O3
- CFLAGS_DEF += -fPIE -pie
CFLAGS_DEF += -pipe
CFLAGS_DEF += -fomit-frame-pointer
+endif
+
+ifeq ($(HARDENING), 1)
+ CFLAGS_DEF += -fPIE -pie
CFLAGS_DEF += -Wl,-z,relro,-z,now
+ CFLAGS_DEF += -fstack-protector-all
+ CFLAGS_DEF += -Wstack-protector
+ CFLAGS_DEF += --param=ssp-buffer-size=4
+ CFLAGS_DEF += -ftrapv
+ CFLAGS_DEF += -D_FORTIFY_SOURCE=2
+ CFLAGS_DEF += -fexceptions
endif
+
CFLAGS_DEF += -fno-strict-aliasing
-CFLAGS_DEF += -fexceptions -ftrapv
CFLAGS_DEF += -fasynchronous-unwind-tables
CFLAGS_DEF += -fno-delete-null-pointer-checks
-CFLAGS_DEF += -D_FORTIFY_SOURCE=2
+
CFLAGS_DEF += -D_REENTRANT
-CFLAGS_DEF += -D_FILE_OFFSET_BITS=64
CFLAGS_DEF += -D_LARGEFILE_SOURCE
CFLAGS_DEF += -D_LARGEFILE64_SOURCE
-CFLAGS_DEF += -std=gnu99
+CFLAGS_DEF += -D_FILE_OFFSET_BITS=64
WFLAGS_DEF = -Wall
WFLAGS_DEF += -Wformat=2
@@ -69,8 +77,8 @@ WFLAGS_DEF += -Wmissing-prototypes
WFLAGS_DEF += -Wdeclaration-after-statement
WFLAGS_DEF += -Werror-implicit-function-declaration
WFLAGS_DEF += -Wstrict-prototypes
-WFLAGS_DEF += -Wundef
WFLAGS_DEF += -Wimplicit-int
+WFLAGS_DEF += -Wundef
WFLAGS_EXTRA = -Wno-unused-result
WFLAGS_EXTRA += -Wmissing-parameter-type
@@ -332,6 +340,7 @@ help:
$(Q)echo " help - Show this help"
$(Q)echo "$(bold)Available parameters:$(normal)"
$(Q)echo " DEBUG=1 - Enable debugging"
+ $(Q)echo " HARDENING=1 - Enable GCC hardening of executables"
$(Q)echo " PREFIX=/path - Install path prefix"
$(Q)echo " CROSS_COMPILE=/path-prefix - Kernel-like cross-compiling prefix"
$(Q)echo " CROSS_LD_LIBRARY_PATH=/path - Library search path for cross-compiling"