diff options
| author | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-20 22:35:25 +0000 |
|---|---|---|
| committer | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-20 22:35:25 +0000 |
| commit | 43539ec330ef9df93a4b0701a5fc335c653da5e5 (patch) | |
| tree | fb496edb683547a8277f2a5e1706e9bf0bb2ffb3 /build | |
| parent | 912bc3c3db015a2c1abcd72646a9d1783c11e5de (diff) | |
| download | chromium_src-43539ec330ef9df93a4b0701a5fc335c653da5e5.zip chromium_src-43539ec330ef9df93a4b0701a5fc335c653da5e5.tar.gz chromium_src-43539ec330ef9df93a4b0701a5fc335c653da5e5.tar.bz2 | |
Use more hardening flags:
-D_FORTIFY_SOURCE=2
-Wl,-z,now (aka BIND_NOW)
-Wl,-z,relro (read-only relocation tables)
BUG=55439
Review URL: https://codereview.chromium.org/11411022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168889 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'build')
| -rw-r--r-- | build/common.gypi | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/build/common.gypi b/build/common.gypi index deadc29..99a3c46 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -2253,6 +2253,29 @@ }, }, 'conditions': [ + ['os_posix==1', { + 'target_defaults': { + 'cflags': [ + # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc + # supports it. + '-fstack-protector', + '--param=ssp-buffer-size=4', + ], + 'ldflags': [ + '-Wl,-z,now', + '-Wl,-z,relro', + ], + 'conditions': [ + ['chromium_code==1', { + # Non-chromium code is not guaranteed to compile cleanly + # with _FORTIFY_SOURCE. + 'defines': [ + '_FORTIFY_SOURCE=2', + ], + }], + ], + }, + }], ['os_posix==1 and OS!="mac" and OS!="ios"', { 'target_defaults': { # Enable -Werror by default, but put it in a variable so it can |