Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
58bfe9da
Commit
58bfe9da
authored
Aug 26, 2019
by
Sergei Golubchik
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
cleanup: SECURITY_HARDENED in CMakeLists.txt
parent
eb8f7005
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
9 additions
and
22 deletions
+9
-22
CMakeLists.txt
CMakeLists.txt
+9
-22
No files found.
CMakeLists.txt
View file @
58bfe9da
...
@@ -220,9 +220,6 @@ ENDIF()
...
@@ -220,9 +220,6 @@ ENDIF()
OPTION
(
WITH_TSAN
"Enable thread sanitizer"
OFF
)
OPTION
(
WITH_TSAN
"Enable thread sanitizer"
OFF
)
IF
(
WITH_TSAN
)
IF
(
WITH_TSAN
)
IF
(
SECURITY_HARDENED
)
MESSAGE
(
FATAL_ERROR
"WITH_TSAN and SECURITY_HARDENED are mutually exclusive"
)
ENDIF
()
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fsanitize=thread"
DEBUG RELWITHDEBINFO
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fsanitize=thread"
DEBUG RELWITHDEBINFO
)
ENDIF
()
ENDIF
()
...
@@ -236,25 +233,15 @@ IF (WITH_MSAN)
...
@@ -236,25 +233,15 @@ IF (WITH_MSAN)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fsanitize=memory -fsanitize-memory-track-origins -U_FORTIFY_SOURCE"
DEBUG RELWITHDEBINFO
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fsanitize=memory -fsanitize-memory-track-origins -U_FORTIFY_SOURCE"
DEBUG RELWITHDEBINFO
)
ENDIF
()
ENDIF
()
IF
(
NOT WITH_TSAN
)
# enable security hardening features, like most distributions do
# enable security hardening features, like most distributions do
# in our benchmarks that costs about ~1% of performance, depending on the load
# in our benchmarks that costs about ~1% of performance, depending on the load
OPTION
(
SECURITY_HARDENED
"Use security-enhancing compiler features (stack protector, relro, etc)"
ON
)
IF
(
CMAKE_C_COMPILER_VERSION VERSION_LESS
"4.6"
OR WITH_ASAN OR WITH_UBSAN
)
IF
(
SECURITY_HARDENED AND NOT WITH_ASAN AND NOT WITH_UBSAN AND NOT WITH_TSAN
)
SET
(
security_default OFF
)
ELSE
()
SET
(
security_default ON
)
ENDIF
()
OPTION
(
SECURITY_HARDENED
"Use security-enhancing compiler features (stack protector, relro, etc)"
${
security_default
}
)
IF
(
SECURITY_HARDENED
)
IF
(
WITH_ASAN OR WITH_UBSAN
)
MESSAGE
(
FATAL_ERROR
"WITH_ASAN/WITH_UBSAN and SECURITY_HARDENED are mutually exclusive"
)
ENDIF
()
# security-enhancing flags
# security-enhancing flags
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-pie -fPIC"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-pie -fPIC"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-Wl,-z,relro,-z,now"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-Wl,-z,relro,-z,now"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fstack-protector --param=ssp-buffer-size=4"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-fstack-protector --param=ssp-buffer-size=4"
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-D_FORTIFY_SOURCE=2"
RELEASE RELWITHDEBINFO
)
MY_CHECK_AND_SET_COMPILER_FLAG
(
"-D_FORTIFY_SOURCE=2"
RELEASE RELWITHDEBINFO
)
ENDIF
()
ENDIF
()
ENDIF
()
# Always enable debug sync for debug builds.
# Always enable debug sync for debug builds.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment