Browse Source
build-package.sh: setup basic hardening through CFLAGS/LDFLAGS
Use stack protector & make GOT/PLT sections read-only.
android-5
Leonid Plyushch
6 years ago
No known key found for this signature in database
GPG Key ID: 45F2964132545795
1 changed files with
7 additions and
3 deletions
-
scripts/build/termux_step_setup_toolchain.sh
|
|
|
@ -46,11 +46,15 @@ termux_step_setup_toolchain() { |
|
|
|
fi |
|
|
|
|
|
|
|
if [ -n "$TERMUX_DEBUG" ]; then |
|
|
|
CFLAGS+=" -g3 -O1 -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" |
|
|
|
CFLAGS+=" -g3 -O1 -D_FORTIFY_SOURCE=2" |
|
|
|
else |
|
|
|
CFLAGS+=" -Oz" |
|
|
|
fi |
|
|
|
|
|
|
|
# Basic hardening. |
|
|
|
CFLAGS+=" -fstack-protector-strong" |
|
|
|
LDFLAGS+=" -Wl,-z,relro,-z,now" |
|
|
|
|
|
|
|
export CXXFLAGS="$CFLAGS" |
|
|
|
export CPPFLAGS="-I${TERMUX_PREFIX}/include" |
|
|
|
|
|
|
|
|
