diff options
| author | Wladimir J. van der Laan <[email protected]> | 2012-10-25 01:07:19 -0700 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2012-10-25 01:07:19 -0700 |
| commit | 2d53ba2c69f975a163d3332ff3879a40b1367b39 (patch) | |
| tree | 1c5244be9c70c2b2621de9b0c4d8dfe83813d058 | |
| parent | Merge pull request #1947 from centromere/freebsd_cpu_fix (diff) | |
| parent | Bitcoin-Qt: remove unneeded "--param ssp-buffer-size=1" flag (diff) | |
| download | discoin-2d53ba2c69f975a163d3332ff3879a40b1367b39.tar.xz discoin-2d53ba2c69f975a163d3332ff3879a40b1367b39.zip | |
Merge pull request #1925 from Diapolo/gcc-hardening
GCC hardening for Bitcoin-Qt
| -rw-r--r-- | bitcoin-qt.pro | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/bitcoin-qt.pro b/bitcoin-qt.pro index c38f26505..cd9755e8f 100644 --- a/bitcoin-qt.pro +++ b/bitcoin-qt.pro @@ -33,11 +33,13 @@ contains(RELEASE, 1) { !win32 { # for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection -QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 -QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 +QMAKE_CXXFLAGS *= -fstack-protector-all +QMAKE_LFLAGS *= -fstack-protector-all # We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable! # This can be enabled for Windows, when we switch to MinGW >= 4.4.x. } +# for extra security (see: https://wiki.debian.org/Hardening) +QMAKE_CXXFLAGS *= -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now # for extra security on Windows: enable ASLR and DEP via GCC linker flags win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat |