From 43b3f6e33912bc180f811010caea4c4fb19e87e6 Mon Sep 17 00:00:00 2001 From: Zetok Zalbavar Date: Sat, 17 Dec 2016 20:06:44 +0000 Subject: [PATCH] chore(build): add hardening flags to default qTox builds Re: #3452 --- qtox.pro | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/qtox.pro b/qtox.pro index 8c08c1761..def02d0d3 100644 --- a/qtox.pro +++ b/qtox.pro @@ -44,6 +44,20 @@ CONFIG += link_pkgconfig # undocumented, but just works™ CONFIG += silent + +# Hardening flags (ASLR, warnings, etc) +# TODO: add `-Werror` to hardening flags once all warnings are fixed +QMAKE_CXXFLAGS += -fstack-protector-all \ + -fPIE \ + -Wstack-protector \ + -Wstrict-overflow \ + -Wstrict-aliasing \ + --param ssp-buffer-size=1 +# osx cannot into security (build on it fails with those enabled) +!macx { + QMAKE_LFLAGS += -Wl,-z,now -Wl,-z,relro +} + # needed, since `rtti_off` doesn't work QMAKE_CXXFLAGS += -fno-rtti QMAKE_RESOURCE_FLAGS += -compress 9 -threshold 0