From 2bfd85e3c716c07ddf6b7ac5167a1d14fa4dd1a0 Mon Sep 17 00:00:00 2001
From: rockihack <rocki.hack@gmail.com>
Date: Wed, 20 Sep 2017 18:26:06 +0200
Subject: [PATCH] Linux Hardening

see: https://wiki.debian.org/Hardening#User_Space
---
 src/CMakeLists.txt     | 12 ++++++++++++
 src/cmd/CMakeLists.txt |  5 +++++
 src/gui/CMakeLists.txt |  5 +++++
 3 files changed, 22 insertions(+)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2133b6c2e..5319fbdc2 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -12,6 +12,18 @@ if(WIN32)
   # Enable DEP & ASLR
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
   set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
+elseif(UNIX AND NOT APPLE)
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
+
+  string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+  if(CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_FORTIFY_SOURCE=2")
+  endif()
+
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
+  set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
 endif()
 
 add_subdirectory(csync)
diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
index 50a8e743f..9cdd6cf32 100644
--- a/src/cmd/CMakeLists.txt
+++ b/src/cmd/CMakeLists.txt
@@ -19,6 +19,11 @@ include_directories(${CMAKE_SOURCE_DIR}/src/csync
 # Need tokenizer for netrc parser
 include_directories(${CMAKE_SOURCE_DIR}/src/3rdparty/qtokenizer)
 
+if(UNIX AND NOT APPLE)
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pie -fPIE")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pie -fPIE")
+endif()
+
 if(NOT BUILD_LIBRARIES_ONLY)
    add_executable(${cmd_NAME}  ${cmd_SRC})
 	qt5_use_modules(${cmd_NAME} Network Sql)
diff --git a/src/gui/CMakeLists.txt b/src/gui/CMakeLists.txt
index d8b2b7745..03d7e0f0b 100644
--- a/src/gui/CMakeLists.txt
+++ b/src/gui/CMakeLists.txt
@@ -241,6 +241,11 @@ if (NOT NO_SHIBBOLETH)
     list(APPEND ADDITIONAL_APP_MODULES WebKitWidgets)
 endif()
 
+if(UNIX AND NOT APPLE)
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pie -fPIE")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pie -fPIE")
+endif()
+
 if(NOT BUILD_OWNCLOUD_OSX_BUNDLE)
 
     if(NOT WIN32)
-- 
2.30.2