lukechilds
/
termux-packages
mirror of https://github.com/lukechilds/termux-packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

build-package.sh: setup basic hardening through CFLAGS/LDFLAGS 

Use stack protector & make GOT/PLT sections read-only.
android-5
Leonid Plyushch 6 years ago
parent
e53949f95c
commit
359c2d9d5d
No known key found for this signature in database GPG Key ID: 45F2964132545795
1 changed files with 7 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      scripts/build/termux_step_setup_toolchain.sh

10
scripts/build/termux_step_setup_toolchain.sh
View File

@ -46,11 +46,15 @@ termux_step_setup_toolchain() {
fi
if [ -n "$TERMUX_DEBUG" ]; then
CFLAGS+=" -g3 -O1 -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
CFLAGS+=" -g3 -O1 -D_FORTIFY_SOURCE=2"
else
CFLAGS+=" -Oz"
fi
# Basic hardening.
CFLAGS+=" -fstack-protector-strong"
LDFLAGS+=" -Wl,-z,relro,-z,now"
export CXXFLAGS="$CFLAGS"
export CPPFLAGS="-I${TERMUX_PREFIX}/include"
@ -113,12 +117,12 @@ termux_step_setup_toolchain() {
sed -i 's/clang/clang -E/' \
$_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-cpp
cp $_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-clang \
$_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-gcc
$_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-gcc
cp $_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-clang++ \
$_TERMUX_TOOLCHAIN_TMPDIR/bin/$HOST_PLAT-gcc
done
cp $_TERMUX_TOOLCHAIN_TMPDIR/bin/armv7a-linux-androideabi$TERMUX_PKG_API_LEVEL-clang \
$_TERMUX_TOOLCHAIN_TMPDIR/bin/arm-linux-androideabi-clang
$_TERMUX_TOOLCHAIN_TMPDIR/bin/arm-linux-androideabi-clang
cp $_TERMUX_TOOLCHAIN_TMPDIR/bin/armv7a-linux-androideabi$TERMUX_PKG_API_LEVEL-clang++ \
$_TERMUX_TOOLCHAIN_TMPDIR/bin/arm-linux-androideabi-clang++
cp $_TERMUX_TOOLCHAIN_TMPDIR/bin/armv7a-linux-androideabi-cpp \

Write Preview
Loading…
Cancel
Save