Use more hardening flags:

-D_FORTIFY_SOURCE=2 -Wl,-z,now (aka BIND_NOW) -Wl,-z,relro (read-only relocation tables) BUG=55439 Review URL: https://codereview.chromium.org/11411022 git-svn-id: http://src.chromium.org/svn/trunk/src/build@168889 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
2012-11-20 22:35:25 +00:00 · 2012-11-20 22:35:25 +00:00 · 65657dcff9
--- a/common.gypi
+++ b/common.gypi
@ -2253,6 +2253,29 @@
    },
  },
  'conditions': [
+    ['os_posix==1', {
+      'target_defaults': {
+        'cflags': [
+          # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc
+          # supports it.
+          '-fstack-protector',
+          '--param=ssp-buffer-size=4',
+        ],
+        'ldflags': [
+          '-Wl,-z,now',
+          '-Wl,-z,relro',
+        ],
+        'conditions': [
+          ['chromium_code==1', {
+            # Non-chromium code is not guaranteed to compile cleanly
+            # with _FORTIFY_SOURCE.
+            'defines': [
+              '_FORTIFY_SOURCE=2',
+            ],
+          }],
+        ],
+      },
+    }],
    ['os_posix==1 and OS!="mac" and OS!="ios"', {
      'target_defaults': {
        # Enable -Werror by default, but put it in a variable so it can