author | Frediano Ziglio <fziglio@redhat.com> | 2017-08-17 16:32:10 +0100 |
---|---|---|
committer | Frediano Ziglio <fziglio@redhat.com> | 2018-05-25 14:05:23 +0100 |
commit | 5d5a268d94c5ba32cb134bea9ce6039ec7e66f37 (patch) | |
tree | 9b35720d606707c572806ab5badc7c6aa6e60e73 | |
parent | e2ced9f094bf676856ae78779f4a791936eb535f (diff) |
Enable some security options on output executables
Enable NX (prevent data from being executed) and ASLR (address
randomisation).
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-rw-r--r-- | Makefile.am | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/Makefile.am b/Makefile.am
index 62640f2..3556681 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,11 +20,31 @@ endif
 # -lversion is needed for the GetFileVersion* API which is used by vdlog.cpp
 LIBS = -lversion
+# binutils does not take into account entry point when
+# -pie is used so we need to provide it manually
+ENTRY_PREFIX := $(if $(filter x86_64,$(host_cpu)),,_)
+
+# --dynamicbase to enable ASLR protection
+# --nxcompat is to enable NX protection
+# --pie as --dynamicbase requires relocations
+LDFLAGS_SECURITY_COMMON = \
+ -Wl,--dynamicbase -Wl,-pie \
+ -Wl,--nxcompat \
+ $(NULL)
+LDFLAGS_SECURITY_GUI = $(LDFLAGS_SECURITY_COMMON) \
+ -Wl,-e,$(ENTRY_PREFIX)WinMainCRTStartup \
+ -mwindows \
+ $(NULL)
+LDFLAGS_SECURITY_CUI = $(LDFLAGS_SECURITY_COMMON) \
+ -Wl,-e,$(ENTRY_PREFIX)mainCRTStartup \
+ -mconsole \
+ $(NULL)
+
 bin_PROGRAMS = vdagent vdservice
 vdagent_LDADD = $(LIBPNG_LIBS) $(ZLIB_LIBS) -lwtsapi32 -lgdi32 vdagent_rc.$(OBJEXT)
 vdagent_CXXFLAGS = $(AM_CXXFLAGS) $(LIBPNG_CFLAGS)
-vdagent_LDFLAGS = $(AM_LDFLAGS) -Wl,--subsystem,windows
+vdagent_LDFLAGS = $(AM_LDFLAGS) $(LDFLAGS_SECURITY_GUI)
 vdagent_SOURCES = \
 common/vdcommon.cpp \
 common/vdcommon.h \
@@ -53,6 +73,7 @@ vdagent_rc.$(OBJEXT): vdagent/vdagent.rc
 MAINTAINERCLEANFILES += vdagent_rc.$(OBJEXT)
 vdservice_LDADD = -lwtsapi32 vdservice_rc.$(OBJEXT)
+vdservice_LDFLAGS = $(AM_LDFLAGS) $(LDFLAGS_SECURITY_CUI)
 vdservice_SOURCES = \
 common/stdint.h \
 common/vdcommon.cpp \
@@ -71,7 +92,7 @@ check_PROGRAMS = imagetest
 imagetest_LDADD = $(LIBPNG_LIBS) $(ZLIB_LIBS) -lwtsapi32 -lgdi32
 imagetest_CXXFLAGS = $(AM_CXXFLAGS) $(LIBPNG_CFLAGS)
-imagetest_LDFLAGS = $(AM_LDFLAGS) -Wl,--subsystem,console
+imagetest_LDFLAGS = $(AM_LDFLAGS) $(LDFLAGS_SECURITY_CUI)
 imagetest_SOURCES = \
 common/vdcommon.cpp \
 common/vdcommon.h \
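Review bot: `LDFLAGS_SECURITY_COMMON` in the first hunk passes `--dynamicbase` and `--nxcompat` but not `--high-entropy-va`, so an x86_64 build would presumably opt in to ASLR only with the lower-entropy layout. Consider adding `-Wl,--high-entropy-va` when `$(host_cpu)` is x86_64, guarded the same way as `ENTRY_PREFIX` and only if the oldest binutils the project supports accepts the option. Nothing in the visible hunks verifies the outcome; a `check` step that runs the toolchain's `objdump -p` on the built vdagent and vdservice executables and looks for the DllCharacteristics bits and a `.reloc` section would catch a toolchain that sets the flag but drops the relocations. Because `vdservice_LDFLAGS`, `imagetest_LDFLAGS` and `test_log_win_LDFLAGS` in the later hunks reuse the same variables, the change is needed only in this one place.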
@@ -91,7 +112,7 @@ check_PROGRAMS += test-log-win
 TESTS += test-log
 EXTRA_DIST += test-log
-test_log_win_LDFLAGS = $(AM_LDFLAGS) -Wl,--subsystem,console
+test_log_win_LDFLAGS = $(AM_LDFLAGS) $(LDFLAGS_SECURITY_CUI)
 test_log_win_SOURCES = \
 common/vdcommon.cpp \
 common/vdcommon.h \ |