diff options
| author | Nick Kralevich <nnk@google.com> | 2015-04-24 21:26:08 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-04-24 21:26:08 -0700 |
| commit | 100acd1001ecebf11a28246bb759af015fdfebd6 (patch) | |
| tree | c499d57ea74fb2c9f0d9d10e576caa504fd17e27 /core/combo | |
| parent | 573dfb7cb8f768452744ddb781cc65412ed1a618 (diff) | |
| download | build-100acd1001ecebf11a28246bb759af015fdfebd6.zip build-100acd1001ecebf11a28246bb759af015fdfebd6.tar.gz build-100acd1001ecebf11a28246bb759af015fdfebd6.tar.bz2 | |
host compiler: enable compiler hardening flags
Enable the following compiler hardening flags:
* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector
relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.
stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.
Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.
Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f
Diffstat (limited to 'core/combo')
| -rw-r--r-- | core/combo/HOST_linux-x86.mk | 6 | ||||
| -rw-r--r-- | core/combo/HOST_linux-x86_64.mk | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk index 5f62400..8eda6c0 100644 --- a/core/combo/HOST_linux-x86.mk +++ b/core/combo/HOST_linux-x86.mk @@ -29,7 +29,7 @@ $(combo_2nd_arch_prefix)HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host # We expect SSE3 floating point math. $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott -$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack +$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now ifneq ($(strip $(BUILD_HOST_static)),) # Statically-linked binaries are desirable for sandboxed environment @@ -40,8 +40,8 @@ $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -fPIC \ -no-canonical-prefixes \ -include $(call select-android-config-h,linux-x86) -# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? -$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 +# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757. +$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector # Workaround differences in inttypes.h between host and target. # See bug 12708004. diff --git a/core/combo/HOST_linux-x86_64.mk b/core/combo/HOST_linux-x86_64.mk index 3685712..e268e41 100644 --- a/core/combo/HOST_linux-x86_64.mk +++ b/core/combo/HOST_linux-x86_64.mk @@ -28,7 +28,7 @@ HOST_AR := $(HOST_TOOLCHAIN_PREFIX)ar HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/ HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack -HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack +HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now ifneq ($(strip $(BUILD_HOST_static)),) # Statically-linked binaries are desirable for sandboxed environment @@ -40,8 +40,8 @@ HOST_GLOBAL_CFLAGS += -fPIC \ -no-canonical-prefixes \ -include $(call select-android-config-h,linux-x86) -# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? -HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 +# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757. +HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector # Workaround differences in inttypes.h between host and target. # See bug 12708004. |