Uploaded image for project: 'MariaDB ColumnStore'
  1. MariaDB ColumnStore
  2. MCOL-579

Enabled harderning compile flags

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 1.1.0
    • None
    • None
    • 2017-15, 2017-16, 2017-17, 2017-18

    Description

      For security we should add the harderning flags used in MariaDB. The section in their CMake is:

      # enable security hardening features, like most distributions do
      		 
      # in our benchmarks that costs about ~1% of performance, depending on the load
      		 
      IF(CMAKE_C_COMPILER_VERSION VERSION_LESS "4.6")
      		 
        SET(security_default OFF)
      		 
      ELSE()
      		 
        SET(security_default ON)
      		 
      ENDIF()
      		 
      OPTION(SECURITY_HARDENED "Use security-enhancing compiler features (stack protector, relro, etc)" ${security_default})
      		 
      IF(SECURITY_HARDENED)
      		 
        # security-enhancing flags
      		 
        MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC")
      		 
        MY_CHECK_AND_SET_COMPILER_FLAG("-Wl,-z,relro,-z,now")
      		 
        MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4")
      		 
        MY_CHECK_AND_SET_COMPILER_FLAG("-D_FORTIFY_SOURCE=2" RELEASE RELWITHDEBINFO)
      		 
      ENDIF()

      Attachments

        Activity

          People

            dleeyh Daniel Lee (Inactive)
            LinuxJedi Andrew Hutchings (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.