From f10fc8c15e15c8966733b580c51f67cce69a6e3e Mon Sep 17 00:00:00 2001
From: "saerome.kim" <saerome.kim@samsung.com>
Date: Fri, 8 Nov 2019 17:44:37 +0900
Subject: [PATCH] Apply secure option

- Problem: There is no FORTIFY option.
- Cause: Unlike the SSP that catches the stack BOF, a protection technique is
  needed to catch the BOF that occurs in a general memory buffer.
- Solution: apply FORTIFY and stack-canar options.

Change-Id: I1c1d45f1edfb0e017bdd8a3a3c1f42469f324220
Signed-off-by: saerome.kim <saerome.kim@samsung.com>
---
 ua-api/CMakeLists.txt    | 10 ++++++----
 ua-daemon/CMakeLists.txt |  7 +++++--
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/ua-api/CMakeLists.txt b/ua-api/CMakeLists.txt
index 9a2fd41..0795b65 100644
--- a/ua-api/CMakeLists.txt
+++ b/ua-api/CMakeLists.txt
@@ -24,10 +24,12 @@ FOREACH(flag ${PKGS_CFLAGS})
 	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
 
-SET(RELO_FLAGS "-D_FORTIFY_SOURCE=2 -Wl,-z,relro")
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden -Wall -fPIE")
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -g ")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${RELO_FLAGS} -fPIE -fPIC -Wall -Werror")
+SET(RELRO_FLAGS "-Wl,-z,relro")
+SET(FORTIFY_FLAGS "-D_FORTIFY_SOURCE=2")
+SET(STACK_CANARY_FLAGS "-fstack-protector-strong")
+SET(PIE_FLAGS "-fPIE -fPIC")
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden -g")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${STACK_CANARY_FLAGS} ${FORTIFY_FLAGS} ${RELRO_FLAGS} ${PIE_FLAGS} -Wall -Werror")
 SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
 
 SET(SRCS
diff --git a/ua-daemon/CMakeLists.txt b/ua-daemon/CMakeLists.txt
index 687b780..9a8d9b5 100644
--- a/ua-daemon/CMakeLists.txt
+++ b/ua-daemon/CMakeLists.txt
@@ -57,8 +57,11 @@ IF(DBPATH)
     ADD_DEFINITIONS("-DDATABASE_FULL_PATH=\"${DBPATH}\"")
 ENDIF(DBPATH)
 
-SET(RELO_FLAGS "-D_FORTIFY_SOURCE=2 -Wl,-z,relro")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${RELO_FLAGS} -fPIE -fPIC -Wall -Werror")
+SET(RELRO_FLAGS "-Wl,-z,relro")
+SET(FORTIFY_FLAGS "-D_FORTIFY_SOURCE=2")
+SET(STACK_CANARY_FLAGS "-fstack-protector-strong")
+SET(PIE_FLAGS "-fPIE -fPIC")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${STACK_CANARY_FLAGS} ${FORTIFY_FLAGS} ${RELRO_FLAGS} ${PIE_FLAGS} -Wall -Werror")
 SET(CMAKE_C_FLAGS_DEBUG "-O0 -g")
 SET(CMAKE_C_FLAGS_RELEASE "-O2")
 SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
-- 
2.7.4