From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 14 Aug 2020 16:25:26 +0000 (+0000)
Subject: make.sh: Add -fcf-protection for x86_64/i586
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=5eec0f21a6515e787ea8af0653c1048171d5d635

make.sh: Add -fcf-protection for x86_64/i586

Instrument binaries to guard against ROP/JOP attacks.

This flag in only available on x86_64 and i586.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/make.sh b/make.sh
index fae75fdc99..99ac1bc852 100755
--- a/make.sh
+++ b/make.sh
@@ -146,14 +146,14 @@ configure_build() {
 			BUILDTARGET="${build_arch}-unknown-linux-gnu"
 			CROSSTARGET="${build_arch}-cross-linux-gnu"
 			BUILD_PLATFORM="x86"
-			CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection"
+			CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection -fcf-protection"
 			;;
 
 		i586)
 			BUILDTARGET="${build_arch}-pc-linux-gnu"
 			CROSSTARGET="${build_arch}-cross-linux-gnu"
 			BUILD_PLATFORM="x86"
-			CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer"
+			CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer -fcf-protection"
 			;;
 
 		aarch64)