From 0f33846367ea29d06c30a8b881675dfc2fb8892c Mon Sep 17 00:00:00 2001

From: Roland Mainz <rmainz@redhat.com>

Date: Thu, 7 May 2015 20:21:21 +0200

Subject: [PATCH] Add PIE and RELRO compiler flags for hardening

Add PIE (=position independent code) and RELRO (=read-only jump

tables and relocation addresses) compiler flags for hardening.

Fixes: https://fedorahosted.org/gss-proxy/ticket/147

Signed-off-by: Roland Mainz <rmainz@redhat.com>

Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>

Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>

---

 proxy/Makefile.am | 7 ++++++-

 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/proxy/Makefile.am b/proxy/Makefile.am

index 821362502483f046c46209c16ef422d796c4b384..39674f6764da914f5d54d68672b6b1bcd4247f8f 100644

--- a/proxy/Makefile.am

+++ b/proxy/Makefile.am

@@ -31,6 +31,10 @@ pkgconfigdir = $(libdir)/pkgconfig

 gpstatedir = @gpstatedir@

 gpclidir = @gpstatedir@/clients

+# Flags for hardening (separated out so we can override them for testing)

+PIE_CFLAGS	= -fPIE

+RELRO_CFLAGS	= -Wl,-z,relro,-z,now

+

 AM_CFLAGS =

 if WANT_AUX_INFO

     AM_CFLAGS += -aux-info $@.X

@@ -41,7 +45,8 @@ if HAVE_GCC

     AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \

                  -Wcast-qual -Wcast-align -Wwrite-strings \

                  -fstrict-aliasing -Wstrict-aliasing -Werror=strict-aliasing \

-                 -Werror-implicit-function-declaration

+                 -Werror-implicit-function-declaration \

+                 $(PIE_CFLAGS) $(RELRO_CFLAGS)

 endif

 dist_pkgconfig_DATA =

-- 

2.4.0