From bc3ad71f039397409d26572c4f34152e86eba7f0 Mon Sep 17 00:00:00 2001 From: Pentarctagon Date: Fri, 15 Jun 2018 02:18:32 -0500 Subject: [PATCH] Fixup for osx hardening options. (cherry-picked from commit da6ebc7423ea7b2e8a242ceb44f7bc72f2d08426) --- CMakeLists.txt | 6 +++++- SConstruct | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d5bec520d81..d6215968370 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -247,7 +247,11 @@ endif(NOT "${CMAKE_CXX_FLAGS}" STREQUAL "${COMPILER_FLAGS}") if(HARDEN) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE -fstack-protector-strong") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE -fstack-protector-strong") - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,now,-z,relro") + if(NOT APPLE) + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,now,-z,relro") + else(NOT APPLE) + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -Wl,-pie") + endif(NOT APPLE) add_definitions(-D_FORTIFY_SOURCE=2) endif(HARDEN) diff --git a/SConstruct b/SConstruct index 3535cb8fb81..3c3d80b47e9 100755 --- a/SConstruct +++ b/SConstruct @@ -497,15 +497,20 @@ for env in [test_env, client_env, env]: # # # Add options to provide more hardened executables +# osx doesn't seem to support RELRO # # if env['harden']: env.AppendUnique(CCFLAGS = ["-fPIE", "-fstack-protector-strong"]) - env.AppendUnique(LINKFLAGS = ["-fPIE", "-pie", "-Wl,-z,now,-z,relro"]) env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"]) if env["enable_lto"] == True: env.AppendUnique(LINKFLAGS = ["-fstack-protector-strong"]) + + if env["PLATFORM"] == 'darwin': + env.AppendUnique(LINKFLAGS = ["-fPIE", "-Wl,-pie"]) + else: + env.AppendUnique(LINKFLAGS = ["-fPIE", "-pie", "-Wl,-z,relro,-z,now"]) # # # Start determining options for debug build