diff options
| author | Philip Kaufmann <[email protected]> | 2012-10-12 22:05:48 +0200 |
|---|---|---|
| committer | Philip Kaufmann <[email protected]> | 2012-10-12 23:16:27 +0200 |
| commit | 10d3603ffac70845528ca9de36d0ec8c0e523237 (patch) | |
| tree | 99e3788a44661f34e8df1e76746f3eb2df8e0304 | |
| parent | Merge pull request #1921 from laanwj/2012_10_init_useafterfree (diff) | |
| download | discoin-10d3603ffac70845528ca9de36d0ec8c0e523237.tar.xz discoin-10d3603ffac70845528ca9de36d0ec8c0e523237.zip | |
Bitcoin-Qt: add new GCC compiler hardening options
- this patch enables several new GCC compiler hardening options that
allows us to increase the security of our binaries (see:
https://wiki.debian.org/Hardening)
-D_FORTIFY_SOURCE=2:
Enables compile-time protection against static sized buffer overflows.
-Wl,-z,relro -Wl,-z,now:
Enables full RELRO (RELocation Read-Only), which is a generic mitigation
technique to harden the data sections of an ELF binary/process. See:
http://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for
further details.
| -rw-r--r-- | bitcoin-qt.pro | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/bitcoin-qt.pro b/bitcoin-qt.pro index 8aceb0390..e71bb5fa8 100644 --- a/bitcoin-qt.pro +++ b/bitcoin-qt.pro @@ -38,6 +38,8 @@ QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 # We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable! # This can be enabled for Windows, when we switch to MinGW >= 4.4.x. } +# for extra security (see: https://wiki.debian.org/Hardening) +QMAKE_CXXFLAGS *= -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now # for extra security on Windows: enable ASLR and DEP via GCC linker flags win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat |