Windows: Enable CFG and SafeSEH linker security flags
authorMichael Schuster <michael@schuster.ms>
Fri, 31 Jul 2020 21:51:28 +0000 (23:51 +0200)
committerKevin Ottens <ervin@ipsquad.net>
Mon, 3 Aug 2020 08:11:33 +0000 (10:11 +0200)
See:
https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
https://docs.microsoft.com/en-us/cpp/build/reference/safeseh-image-has-safe-exception-handlers

Signed-off-by: Michael Schuster <michael@schuster.ms>
src/CMakeLists.txt

index c74c665355ae901cece4eac4ee8691678cb13d04..a79edfcfb7c7fea56a3f2d720302518d4720ae43 100644 (file)
@@ -34,9 +34,15 @@ if(NOT MSVC)
 endif()
 
 if(WIN32)
-  # Enable DEP & ASLR
-  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /nxcompat /dynamicbase")
-  set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /nxcompat /dynamicbase")
+  # Enable DEP, ASLR and CFG
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /nxcompat /dynamicbase /guard:cf")
+  set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /nxcompat /dynamicbase /guard:cf")
+
+  # x86 only: Enable SafeSEH
+  if(CMAKE_SYSTEM_PROCESSOR MATCHES "i686.*|i386.*|x86.*")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /safeseh")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /safeseh")
+  endif()
 elseif(UNIX AND NOT APPLE)
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
   set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
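Review bot: `/guard:cf` is added only to the two linker-flag lines under `# Enable DEP, ASLR and CFG`, but Microsoft documents that it must be passed to both the compiler and the linker, so unless a compile-side flag is set outside this hunk the binaries will not be CFG-instrumented. Something like `add_compile_options(/guard:cf)` in the MSVC path would close the gap, and `dumpbin /headers /loadconfig` on a built binary confirms whether Guard CF is actually present. The SafeSEH guard `if(CMAKE_SYSTEM_PROCESSOR MATCHES "i686.*|i386.*|x86.*")` tests a value that normally reflects the host when not cross-compiling, and the unanchored `x86.*` also matches `x86_64`. A 32-bit build on a 64-bit host would therefore silently skip `/safeseh`, so keying on the target, for example `if(CMAKE_SIZEOF_VOID_P EQUAL 4)`, looks safer. The branch is `if(WIN32)` rather than `if(MSVC)`, so these MSVC-style switches would presumably also reach a MinGW linker if that toolchain is supported; the `if`/`elseif` chain closes outside the hunk.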