From 6be6646a4edbf38f2a86c330c05c0f76d2a4db9e Mon Sep 17 00:00:00 2001 From: Pentarctagon Date: Fri, 15 Jun 2018 01:31:31 -0500 Subject: [PATCH] Enabled hardened executables by default. The result of running "hardening-check wesnoth" now shows: * Position Independent Executable: yes * Stack protected: yes * Fortify Source functions: yes (some protected functions found) * Read-only relocations: yes * Immediate binding: yes (cherry-picked from commit 3290961db2eb00221c94f88f02f77ab640f497a4) --- CMakeLists.txt | 1 + SConstruct | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0c8e64de309..d5bec520d81 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -146,6 +146,7 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Linux") option(ENABLE_APPDATA_FILE "enable installation of an appdata file for appstream" ON) endif(CMAKE_SYSTEM_NAME STREQUAL "Linux") +option(HARDEN "Whether to enable options to harden the executables" ON) option(ENABLE_STRICT_COMPILATION "Sets the strict compilation mode" OFF) option(ENABLE_PEDANTIC_COMPILATION "Sets the pedantic compilation mode" OFF) option(ENABLE_DEBUG_WINDOW_LAYOUT "Add the debug option to allow the generation of debug layout files in dot format" OFF) diff --git a/SConstruct b/SConstruct index b470e2dadb3..3535cb8fb81 100755 --- a/SConstruct +++ b/SConstruct @@ -56,7 +56,7 @@ opts.AddVariables( BoolVariable('enable_lto', 'Whether to enable Link Time Optimization for build=release', False), ('arch', 'What -march option to use for build=release, will default to pentiumpro on Windows', ""), ('opt', 'override for the build\'s optimization level', ""), - BoolVariable('harden', 'Whether to enable options to harden the executables', False), + BoolVariable('harden', 'Whether to enable options to harden the executables', True), BoolVariable('glibcxx_debug', 'Whether to define _GLIBCXX_DEBUG and _GLIBCXX_DEBUG_PEDANTIC for build=debug', False), EnumVariable('profiler', 'profiler to be used for build=profile', "gprof", ["gprof", "gcov", "gperftools", "perf"]), EnumVariable('pgo_data', 'whether to generate profiling data for PGO, or use existing profiling data', "", ["", "generate", "use"]),