Home Explore Help
Sign In
patron
/
FreeBSD
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Common hardening Makefile

David Marec 7 months ago
parent
047084d759
commit
b8c8cd4fb0
6 changed files with 37 additions and 37 deletions
Split View Show Diff Stats
  1. 9 0
      Mk/hardening.mk
  2. 6 8
      btree/Makefile
  3. 6 7
      crc32/Makefile
  4. 6 8
      ismounted/Makefile
  5. 5 7
      kqueue/Makefile
  6. 5 7
      sockraw/Makefile

+ 9 - 0
Mk/hardening.mk
View File 

@@ -0,0 +1,9 @@
 
+CFLAGS+=-fPIE -fno-strict-aliasing
 
+CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
+CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
+CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
+CFLAGS+=-fstrict-flex-arrays=3
 
+
 
+LDFLAGS+=-Wl,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
+LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries
 
+

+ 6 - 8
btree/Makefile
View File 

@@ -1,12 +1,6 @@
 
-CFLAGS+=-O3 -Wall -fPIE -fno-strict-aliasing
 
-CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
-CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
-CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
-CFLAGS+=-fstrict-flex-arrays=3
 
-
 
+CFLAGS+=-O3 -Wall
 
 LDFLAGS=-lutil
 
-LDFLAGS+=-Wl,-O3,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
-LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries
 
+LDFLAGS+=-Wl,-O3
 
 
 BTREE=btest
 
 BTREE_OBJS=btest.o bcompare.o
 
@@ -15,6 +9,8 @@ BPROMPT=bprompt
 
 BPROMPT_OBJS=bprompt.o bcompare.o
 
 BPROMPT_LEX=lex.yy.c
 
 BPROMPT_YACC=y.tab.c
 
+
 
+.SYSPATH:	 $(.CURDIR)/../Mk
 
 .PHONY: clean 
 
 .MAIN: clean $(BPROMPT) $(BTREE)
 
@@ -37,3 +33,5 @@ SUFFIXES: .c .o
 
 
 clean:
 
 	rm -f *.o $(BTREE) ${BPROMPT} $(BPROMPT_YACC) $(BPROMPT_LEX)
 
+
 
+.include <hardening.mk>

+ 6 - 7
crc32/Makefile
View File 

@@ -1,15 +1,12 @@
 
-CFLAGS+=-O3 -Wall -fPIE -fno-strict-aliasing
 
-CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
-CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
-CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
-CFLAGS+=-fstrict-flex-arrays=3 -msse4.2
 
+CFLAGS+=-O3 -Wall
 
+CFLAGS+=-msse4.2
 
 
-LDFLAGS+=-lutil -msse4.2 -Wl,-O3,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
-LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries
 
+LDFLAGS+=-lutil -msse4.2 -Wl,-O3
 
 
 PROG=crc32c
 
 PROG_OBJS=crc32c.o
 
 
+.SYSPATH:	 $(.CURDIR)/../Mk
 
 .PHONY: clean
 
 .MAIN: $(PROG)
 
 
@@ -22,3 +19,5 @@ $(PROG): $(PROG_OBJS)
 
 clean:
 
 	rm -f *.o $(PROG)
 
 
+.include <hardening.mk>
 
+

+ 6 - 8
ismounted/Makefile
View File 

@@ -1,15 +1,11 @@
 
-CFLAGS+=-O3 -Wall -fPIE -fno-strict-aliasing
 
-CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
-CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
-CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
-CFLAGS+=-fstrict-flex-arrays=3
 
-
 
-LDFLAGS+=-Wl,-O3,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
-LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries -lrt
 
+CFLAGS+=-O3 -Wall
 
+LDFLAGS+=-lrt
 
 
 PRJ=ismounted
 
 PRJ_OBJS=ismounted.o
 
 
+.SYSPATH:	 $(.CURDIR)/../Mk
 
+
 
 .PHONY: clean
 
 .MAIN: $(PRJ)
 
 
@@ -20,3 +16,5 @@ $(PRJ): $(PRJ_OBJS)
 
 clean:
 
 	rm -f *.o $(PRJ)
 
 
+.include <hardening.mk>
 
+

+ 5 - 7
kqueue/Makefile
View File 

@@ -1,15 +1,11 @@
 
-CFLAGS+=-O3 -Wall -fPIE -fno-strict-aliasing
 
-CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
-CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
-CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
-CFLAGS+=-fstrict-flex-arrays=3
 
+CFLAGS+=-O3 -Wall
 
 
-LDFLAGS+=-Wl,-O3,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
-LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries
 
+LDFLAGS+=-Wl,-O3
 
 
 KQT=kq_timer
 
 KQT_OBJS=kq_timer.o
 
 
+.SYSPATH:	 $(.CURDIR)/../Mk
 
 .PHONY: clean
 
 .MAIN: $(KQT)
 
 
@@ -22,3 +18,5 @@ kq_timer: $(KQT_OBJS)
 
 clean:
 
 	rm -f *.o $(KQT)
 
 
+.include <hardening.mk>
 
+

+ 5 - 7
sockraw/Makefile
View File 

@@ -1,15 +1,11 @@
 
-CFLAGS+=-O3 -Wall -fPIE -fno-strict-aliasing
 
-CFLAGS+=-Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
 
-CFLAGS+=-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
 
-CFLAGS+=-fstack-clash-protection -fstack-protector-strong
 
-CFLAGS+=-fstrict-flex-arrays=3
 
+CFLAGS+=-O3 -Wall
 
 
-LDFLAGS+=-Wl,-O3,--sort-common,--as-needed,-z,relro,-z,now,--strip-all -pie
 
-LDFLAGS+=-Wl,-z,nodlopen -Wl,-z,noexecstack,--no-copy-dt-needed-entries
 
+LDFLAGS+=-Wl,-O3
 
 
 BPF=sockbpf
 
 BPF_OBJS=sockbpf.o
 
 
+.SYSPATH:	 $(.CURDIR)/../Mk
 
 .PHONY: clean
 
 .MAIN: $(BPF)
 
 
@@ -22,3 +18,5 @@ $(BPF): $(BPF_OBJS)
 
 clean:
 
 	rm -f *.o $(BPF)
 
 
+.include <hardening.mk>
 
+