Gavin Andresen
@@ -36,8 +36,36 @@ LIBS+= \
|
||||
-l pthread
|
||||
|
||||
|
||||
# Hardening
|
||||
# Make some classes of vulnerabilities unexploitable in case one is discovered.
|
||||
#
|
||||
# Stack Canaries
|
||||
# Put numbers at the beginning of each stack frame and check that they are the same.
|
||||
# If a stack buffer if overflowed, it writes over the canary number and then on return
|
||||
# when that number is checked, it won't be the same and the program will exit with
|
||||
# a "Stack smashing detected" error instead of being exploited.
|
||||
HARDENING=-fstack-protector-all -Wstack-protector
|
||||
|
||||
# Make some important things such as the global offset table read only as soon as
|
||||
# the dynamic linker is finished building it. This will prevent overwriting of addresses
|
||||
# which would later be jumped to.
|
||||
HARDENING+=-Wl,-z,relro -Wl,-z,now
|
||||
|
||||
# Build position independent code to take advantage of Address Space Layout Randomization
|
||||
# offered by some kernels.
|
||||
# see doc/build-unix.txt for more information.
|
||||
ifdef PIE
|
||||
HARDENING+=-fPIE -pie
|
||||
endif
|
||||
|
||||
# -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in
|
||||
# the source such overflowing a statically defined buffer.
|
||||
HARDENING+=-D_FORTIFY_SOURCE=2
|
||||
#
|
||||
|
||||
|
||||
DEBUGFLAGS=-g -D__WXDEBUG__
|
||||
CXXFLAGS=-O2 -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS)
|
||||
CXXFLAGS=-O2 -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(HARDENING)
|
||||
HEADERS = \
|
||||
base58.h \
|
||||
bignum.h \
|
||||
|
||||
Reference in New Issue
Block a user