MDEV-5730 enhance security using special compilation options

-Wl,-z,relro,-z,now
-pie
-fstack-protector --param=ssp-buffer-size=4
-D_FORTIFY_SOURCE=2
Sergei Golubchik 2014-06-16 21:39:09 +02:00
parent 6c0e3ef450
commit da4f8269bf


@ -199,6 +199,20 @@ IF (WITH_ASAN)
ENDIF()
ENDIF()
OPTION(SECURITY_HARDENED "Use security-enhancing compiler features (stack protector, relro, etc)" ON)
IF(SECURITY_HARDENED)
# security-enhancing flags
MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC")
MY_CHECK_AND_SET_COMPILER_FLAG("-Wl,-z,relro,-z,now")
MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4")
# sometimes _FORTIFY_SOURCE is predefined
INCLUDE(CheckSymbolExists)
CHECK_SYMBOL_EXISTS(_FORTIFY_SOURCE "" HAVE_FORTIFY_SOURCE)
IF(NOT HAVE_FORTIFY_SOURCE)
ADD_DEFINITIONS(-D_FORTIFY_SOURCE=2)
ENDIF()
ENDIF()
OPTION(ENABLE_DEBUG_SYNC "Enable debug sync (debug builds only)" ON)
IF(ENABLE_DEBUG_SYNC)
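Review bot: `ADD_DEFINITIONS(-D_FORTIFY_SOURCE=2)` inside `IF(NOT HAVE_FORTIFY_SOURCE)` applies to every build type, but fortification only takes effect when the compiler optimizes. In an unoptimized Debug build the define adds no protection, and newer glibc headers emit a warning for it, which becomes an error wherever warnings are promoted. I would scope it to the optimized configurations, for example `SET_PROPERTY(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_RELWITHDEBINFO _FORTIFY_SOURCE=2)` and the same for `RELEASE`. Separately, `MY_CHECK_AND_SET_COMPILER_FLAG` is defined outside this hunk and presumably drops a flag the toolchain rejects without failing, so a build with `SECURITY_HARDENED=ON` can still come out without relro, PIE or the stack protector. A `MESSAGE(STATUS ...)` for each flag that was not applied, or a packaging-time check of the binaries, would make the resulting hardening level auditable.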