projects / platform / core / connectivity / ua-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 79221af)
Apply secure option
authorsaerome.kim <saerome.kim@samsung.com>
Fri, 8 Nov 2019 08:44:37 +0000 (17:44 +0900)
committersaerome.kim <saerome.kim@samsung.com>
Fri, 8 Nov 2019 10:57:02 +0000 (19:57 +0900)
- Problem: There is no FORTIFY option.
- Cause: Unlike the SSP that catches the stack BOF, a protection technique is
  needed to catch the BOF that occurs in a general memory buffer.
- Solution: apply FORTIFY and stack-canar options.

Change-Id: Id8b5e42d3aa1e3b045fdb9b756857119f9dcfe92
Signed-off-by: saerome.kim <saerome.kim@samsung.com>
ua-api/CMakeLists.txt patch | blob | history
ua-daemon/CMakeLists.txt patch | blob | history

diff --git a/ua-api/CMakeLists.txt b/ua-api/CMakeLists.txt
index 9a2fd41..0795b65 100644 (file)
--- a/ua-api/CMakeLists.txt
+++ b/ua-api/CMakeLists.txt
@@ -24,10 +24,12 @@ FOREACH(flag ${PKGS_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
 
-SET(RELO_FLAGS "-D_FORTIFY_SOURCE=2 -Wl,-z,relro")
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden -Wall -fPIE")
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -g ")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${RELO_FLAGS} -fPIE -fPIC -Wall -Werror")
+SET(RELRO_FLAGS "-Wl,-z,relro")
+SET(FORTIFY_FLAGS "-D_FORTIFY_SOURCE=2")
+SET(STACK_CANARY_FLAGS "-fstack-protector-strong")
+SET(PIE_FLAGS "-fPIE -fPIC")
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden -g")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${STACK_CANARY_FLAGS} ${FORTIFY_FLAGS} ${RELRO_FLAGS} ${PIE_FLAGS} -Wall -Werror")
 SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
 
 SET(SRCS
diff --git a/ua-daemon/CMakeLists.txt b/ua-daemon/CMakeLists.txt
index 687b780..9a8d9b5 100644 (file)
--- a/ua-daemon/CMakeLists.txt
+++ b/ua-daemon/CMakeLists.txt
@@ -57,8 +57,11 @@ IF(DBPATH)
     ADD_DEFINITIONS("-DDATABASE_FULL_PATH=\"${DBPATH}\"")
 ENDIF(DBPATH)
 
-SET(RELO_FLAGS "-D_FORTIFY_SOURCE=2 -Wl,-z,relro")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${RELO_FLAGS} -fPIE -fPIC -Wall -Werror")
+SET(RELRO_FLAGS "-Wl,-z,relro")
+SET(FORTIFY_FLAGS "-D_FORTIFY_SOURCE=2")
+SET(STACK_CANARY_FLAGS "-fstack-protector-strong")
+SET(PIE_FLAGS "-fPIE -fPIC")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${STACK_CANARY_FLAGS} ${FORTIFY_FLAGS} ${RELRO_FLAGS} ${PIE_FLAGS} -Wall -Werror")
 SET(CMAKE_C_FLAGS_DEBUG "-O0 -g")
 SET(CMAKE_C_FLAGS_RELEASE "-O2")
 SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
Domain: Network & Connectivity / Common;