Bug#734632: Hardening build flags

Moritz Muehlenhoff Wed, 08 Jan 2014 09:51:48 -0800

Package: libept
Severity: normal

Hi Enrico,
libept uses partial hardening flags already. The missing bits is
relro. I'm attaching a preliminary patch, adding it properly enables
relro.


However, a proper fix would be to pass the output of 
'dpkg-buildflags --get LDFLAGS' to Cmake, but I haven't yet figured 
out how to do that in Cmake.

Cheers,
        Moritz

--- libept-1.0.12.orig/CMakeLists.txt	2013-10-24 20:54:32.000000000 +0200
+++ libept-1.0.12/CMakeLists.txt	2014-01-03 03:01:24.096561008 +0100
@@ -16,6 +16,8 @@
 	OUTPUT_STRIP_TRAILING_WHITESPACE
 	)
 set( LIBEPT_SOVERSION "1.aptpkg${LIBAPT_ABI_VERSION}" )
+set( CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro" )
+
 set( APT_INCLUDES "/usr/include/" CACHE STRING "apt include path" )
 set( APT_LINKDIRS "/usr/lib/" CACHE STRING "apt library path" )
 set( OPT_FLAGS "-O0 -g" CACHE STRING "optimization level" )

Bug#734632: Hardening build flags

Reply via email to