From 65657dcff9b39dd4a39cc6b2afc2ea9c747c7e2a Mon Sep 17 00:00:00 2001
From: "phajdan.jr@chromium.org"
 <phajdan.jr@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>
Date: Tue, 20 Nov 2012 22:35:25 +0000
Subject: [PATCH] Use more hardening flags:

-D_FORTIFY_SOURCE=2
-Wl,-z,now (aka BIND_NOW)
-Wl,-z,relro (read-only relocation tables)

BUG=55439

Review URL: https://codereview.chromium.org/11411022

git-svn-id: http://src.chromium.org/svn/trunk/src/build@168889 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
---
 common.gypi | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/common.gypi b/common.gypi
index deadc29b3..99a3c468d 100644
--- a/common.gypi
+++ b/common.gypi
@@ -2253,6 +2253,29 @@
     },
   },
   'conditions': [
+    ['os_posix==1', {
+      'target_defaults': {
+        'cflags': [
+          # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc
+          # supports it.
+          '-fstack-protector',
+          '--param=ssp-buffer-size=4',
+        ],
+        'ldflags': [
+          '-Wl,-z,now',
+          '-Wl,-z,relro',
+        ],
+        'conditions': [
+          ['chromium_code==1', {
+            # Non-chromium code is not guaranteed to compile cleanly
+            # with _FORTIFY_SOURCE.
+            'defines': [
+              '_FORTIFY_SOURCE=2',
+            ],
+          }],
+        ],
+      },
+    }],
     ['os_posix==1 and OS!="mac" and OS!="ios"', {
       'target_defaults': {
         # Enable -Werror by default, but put it in a variable so it can