aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Kaufmann <phil.kaufmann@t-online.de>2012-10-12 22:05:48 +0200
committerPhilip Kaufmann <phil.kaufmann@t-online.de>2012-10-12 23:16:27 +0200
commit10d3603ffac70845528ca9de36d0ec8c0e523237 (patch)
tree99e3788a44661f34e8df1e76746f3eb2df8e0304
parent4bb25e48d722f4ce4ac0af098c049f95587ef266 (diff)
Bitcoin-Qt: add new GCC compiler hardening options
- this patch enables several new GCC compiler hardening options that allows us to increase the security of our binaries (see: https://wiki.debian.org/Hardening) -D_FORTIFY_SOURCE=2: Enables compile-time protection against static sized buffer overflows. -Wl,-z,relro -Wl,-z,now: Enables full RELRO (RELocation Read-Only), which is a generic mitigation technique to harden the data sections of an ELF binary/process. See: http://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for further details.
-rw-r--r--bitcoin-qt.pro2
1 files changed, 2 insertions, 0 deletions
diff --git a/bitcoin-qt.pro b/bitcoin-qt.pro
index 8aceb0390f..e71bb5fa8d 100644
--- a/bitcoin-qt.pro
+++ b/bitcoin-qt.pro
@@ -38,6 +38,8 @@ QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
# This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
}
+# for extra security (see: https://wiki.debian.org/Hardening)
+QMAKE_CXXFLAGS *= -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now
# for extra security on Windows: enable ASLR and DEP via GCC linker flags
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat