1
0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00

chore(build): improve hardening flags

Using "-fstack-protector-all" makes "--param ssp-buffer-size=1" pointless.

For ASLR "-pie -fPIE" is needed instead of just "-fPIE".
This commit is contained in:
lopachecoc 2017-01-10 13:41:23 +00:00 committed by GitHub
parent 52642578a0
commit 286e67ddd2

View File

@ -47,16 +47,17 @@ CONFIG += silent
# Hardening flags (ASLR, warnings, etc) # Hardening flags (ASLR, warnings, etc)
# TODO: add `-Werror` to hardening flags once all warnings are fixed # TODO: add `-Werror` to hardening flags once all warnings are fixed
win32 { win32 {
QMAKE_CXXFLAGS += -fPIE \ QMAKE_CXXFLAGS += -pie \
-fPIE \
-Wstrict-overflow \ -Wstrict-overflow \
-Wstrict-aliasing -Wstrict-aliasing
} else { } else {
QMAKE_CXXFLAGS += -fstack-protector-all \ QMAKE_CXXFLAGS += -fstack-protector-all \
-pie \
-fPIE \ -fPIE \
-Wstack-protector \ -Wstack-protector \
-Wstrict-overflow \ -Wstrict-overflow \
-Wstrict-aliasing \ -Wstrict-aliasing
--param ssp-buffer-size=1
} }
# osx & windows cannot into security (build on it fails with those enabled) # osx & windows cannot into security (build on it fails with those enabled)