author | Daniel Borkmann <dborkman@redhat.com> | 2013-05-24 13:48:50 +0200 |
---|---|---|
committer | Daniel Borkmann <dborkman@redhat.com> | 2013-05-24 13:48:50 +0200 |
commit | 0548e971eeb7fc7ceffaa608f1ece638d6549ec1 (patch) | |
tree | 56029706a924e6d29904d62fd524f0da483cde49 /Makefile | |
parent | 37dd6912701cb16f6339af97216e159c3f9038ee (diff) |
make: add HARDENING build option
Add HARDENING=1 build option and move all hardening-related GCC
flags into this condition. This allows the user to choose whether
or not he wants to have a hardened build with some possible performance
tradeoff at load/runtime.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 25 |
1 files changed, 17 insertions, 8 deletions
@@ -38,8 +38,8 @@ endif
 # For packaging purposes, you might want to call your own:
 # make CFLAGS="<flags>"
-CFLAGS_DEF = -fstack-protector-all -Wstack-protector
-CFLAGS_DEF += --param=ssp-buffer-size=4
+CFLAGS_DEF = -std=gnu99
+
 ifeq ($(DEBUG), 1)
 CFLAGS_DEF += -g
 CFLAGS_DEF += -O2
@@ -47,21 +47,29 @@ else
 CFLAGS_DEF += -march=native
 CFLAGS_DEF += -mtune=native
 CFLAGS_DEF += -O3
- CFLAGS_DEF += -fPIE -pie
 CFLAGS_DEF += -pipe
 CFLAGS_DEF += -fomit-frame-pointer
+endif
+
+ifeq ($(HARDENING), 1)
+ CFLAGS_DEF += -fPIE -pie
 CFLAGS_DEF += -Wl,-z,relro,-z,now
+ CFLAGS_DEF += -fstack-protector-all
+ CFLAGS_DEF += -Wstack-protector
+ CFLAGS_DEF += --param=ssp-buffer-size=4
+ CFLAGS_DEF += -ftrapv
+ CFLAGS_DEF += -D_FORTIFY_SOURCE=2
+ CFLAGS_DEF += -fexceptions
 endif
+
 CFLAGS_DEF += -fno-strict-aliasing
-CFLAGS_DEF += -fexceptions -ftrapv
 CFLAGS_DEF += -fasynchronous-unwind-tables
 CFLAGS_DEF += -fno-delete-null-pointer-checks
-CFLAGS_DEF += -D_FORTIFY_SOURCE=2
+
 CFLAGS_DEF += -D_REENTRANT
-CFLAGS_DEF += -D_FILE_OFFSET_BITS=64
 CFLAGS_DEF += -D_LARGEFILE_SOURCE
 CFLAGS_DEF += -D_LARGEFILE64_SOURCE
-CFLAGS_DEF += -std=gnu99
+CFLAGS_DEF += -D_FILE_OFFSET_BITS=64
 WFLAGS_DEF = -Wall
 WFLAGS_DEF += -Wformat=2
@@ -69,8 +77,8 @@ WFLAGS_DEF += -Wmissing-prototypes
 WFLAGS_DEF += -Wdeclaration-after-statement
 WFLAGS_DEF += -Werror-implicit-function-declaration
 WFLAGS_DEF += -Wstrict-prototypes
-WFLAGS_DEF += -Wundef
 WFLAGS_DEF += -Wimplicit-int
+WFLAGS_DEF += -Wundef
 WFLAGS_EXTRA = -Wno-unused-result
 WFLAGS_EXTRA += -Wmissing-parameter-type
@@ -332,6 +340,7 @@ help:
 $(Q)echo " help - Show this help"
 $(Q)echo "$(bold)Available parameters:$(normal)"
 $(Q)echo " DEBUG=1 - Enable debugging"
+ $(Q)echo " HARDENING=1 - Enable GCC hardening of executables"
 $(Q)echo " PREFIX=/path - Install path prefix"
 $(Q)echo " CROSS_COMPILE=/path-prefix - Kernel-like cross-compiling prefix"
 $(Q)echo " CROSS_LD_LIBRARY_PATH=/path - Library search path for cross-compiling" |
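Review bot: A build that does not pass HARDENING=1 no longer gets the stack-protector flags removed at the top of this first hunk, and the second hunk does the same for `-D_FORTIFY_SOURCE=2`, `-ftrapv`, `-fexceptions`, `-fPIE -pie` and `-Wl,-z,relro,-z,now`. Earlier builds received all of these without asking (the last two in non-DEBUG builds), so a plain `make` now silently produces weaker binaries than before this commit. If the load/runtime cost is the concern, consider making the protection opt-out rather than opt-in, e.g. `HARDENING ?= 1` ahead of the `ifeq ($(HARDENING), 1)` block. The help line added in the last hunk should then state which default applies.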
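Review bot: In the second hunk, `ifeq ($(HARDENING), 1)` matches only the exact string `1`, so `HARDENING=yes` or `HARDENING=y` falls through to an unhardened build without any message. Consider `ifeq ($(strip $(HARDENING)),1)`, plus an `$(info ...)` line inside the block so the build log records that hardening was applied. `-pie` and `-Wl,-z,relro,-z,now` are link-time options carried in CFLAGS_DEF, so they only take effect if that variable reaches the link command, which is outside this hunk. Checking a built binary with `readelf -h` (Type: DYN) and `readelf -d` (BIND_NOW) would confirm it.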