host compiler: enable compiler hardening flags
Enable the following compiler hardening flags:
* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector
relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.
stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.
Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.
Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk
index 5f62400..8eda6c0 100644
--- a/core/combo/HOST_linux-x86.mk
+++ b/core/combo/HOST_linux-x86.mk
@@ -29,7 +29,7 @@
# We expect SSE3 floating point math.
$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott
-$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack
+$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
ifneq ($(strip $(BUILD_HOST_static)),)
# Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@
-no-canonical-prefixes \
-include $(call select-android-config-h,linux-x86)
-# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15?
-$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
+# TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
+$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
# Workaround differences in inttypes.h between host and target.
# See bug 12708004.