Fixup for osx hardening options.

(cherry-picked from commit da6ebc7)
hsilva · Oct 7, 2018 · bc3ad71 · bc3ad71
1 parent 6be6646
commit bc3ad71
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -247,7 +247,11 @@ endif(NOT "${CMAKE_CXX_FLAGS}" STREQUAL "${COMPILER_FLAGS}")
 if(HARDEN)
 	set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE -fstack-protector-strong")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE -fstack-protector-strong")
-	set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,now,-z,relro")
+	if(NOT APPLE)
+		set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,now,-z,relro")
+	else(NOT APPLE)
+		set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -Wl,-pie")
+	endif(NOT APPLE)
 	add_definitions(-D_FORTIFY_SOURCE=2)
 endif(HARDEN)
 

diff --git a/SConstruct b/SConstruct
@@ -497,15 +497,20 @@ for env in [test_env, client_env, env]:
 
 # #
 # Add options to provide more hardened executables
+# osx doesn't seem to support RELRO
 # #
 
         if env['harden']:
             env.AppendUnique(CCFLAGS = ["-fPIE", "-fstack-protector-strong"])
-            env.AppendUnique(LINKFLAGS = ["-fPIE", "-pie", "-Wl,-z,now,-z,relro"])
             env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"])
 
             if env["enable_lto"] == True:
                 env.AppendUnique(LINKFLAGS = ["-fstack-protector-strong"])
+
+            if env["PLATFORM"] == 'darwin':
+                env.AppendUnique(LINKFLAGS = ["-fPIE", "-Wl,-pie"])
+            else:
+                env.AppendUnique(LINKFLAGS = ["-fPIE", "-pie", "-Wl,-z,relro,-z,now"])
 
 # #
 # Start determining options for debug build