Fancy hardening flags

To: tech-pkg%netbsd.org@localhost
Subject: Fancy hardening flags
From: coypu%SDF.ORG@localhost
Date: Sat, 10 Dec 2016 11:17:31 +0000

So, I've wanted to make use of ASLR, and building
with clang meant I didn't have the existing flags
(which are in mk/compiler/gcc.mk).

The following seemed to just work:
APPEND_FLAGS=		-fPIC -pie -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -fstack-protector-all -march=native

CWRAPPERS_APPEND.cc+=	${APPEND_FLAGS}
CWRAPPERS_APPEND.cxx+=	${APPEND_FLAGS}
CWRAPPERS_APPEND.ld+=	-Wl,-z,relro -Wl,-z,now

(p.s. currently mk/compiler/gcc.mk is lacking appending
to cxx in some things).

Pretty neat.

if I were to clean up the logic in mk/compiler/gcc.mk
and make it compiler agnostic, where would be the
proper place to put it?

Follow-Ups:
- Re: Fancy hardening flags
  - From: Roland Illig

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: Fancy hardening flags
Previous by Thread: Adding CUDA support to graphics/opencv
Next by Thread: Re: Fancy hardening flags
Indexes:

Home | Main Index | Thread Index | Old Index