Bitcoin-Qt: add new GCC compiler hardening options

- this patch enables several new GCC compiler hardening options that
  allow us to increase the security of our binaries (see:
  https://wiki.debian.org/Hardening)

-D_FORTIFY_SOURCE=2:
Enables compile-time protection against static sized buffer overflows.

-Wl,-z,relro -Wl,-z,now:
Enables full RELRO (RELocation Read-Only), which is a generic mitigation
technique to harden the data sections of an ELF binary/process. See:
http://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for
further details.
pull/1925/head
Philip Kaufmann 12 years ago
parent 4bb25e48d7
commit 10d3603ffa

@ -38,6 +38,8 @@ QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable! # We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
# This can be enabled for Windows, when we switch to MinGW >= 4.4.x. # This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
} }
# for extra security (see: https://wiki.debian.org/Hardening)
QMAKE_CXXFLAGS *= -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now
# for extra security on Windows: enable ASLR and DEP via GCC linker flags # for extra security on Windows: enable ASLR and DEP via GCC linker flags
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat
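Review bot: The added `QMAKE_CXXFLAGS` line carries the linker options `-Wl,-z,relro -Wl,-z,now`, while the other hardening lines in this hunk put their `-Wl,` options in `QMAKE_LFLAGS` (see the `win32:QMAKE_LFLAGS` line right below it). Move the two `-z` options to `QMAKE_LFLAGS` so they are passed at the link step, and keep only `-D_FORTIFY_SOURCE=2` in `QMAKE_CXXFLAGS`. The new line is also unconditional, although the commit message describes RELRO as an ELF mitigation and the context above it documents a MinGW cross-compile exclusion for the stack-protector flags, so consider scoping the `-z` options to non-win32 builds and saying so in the comment.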
