# Hardening is applied only when DEB_BUILD_HARDENING is set and is not 0.
# NOTE(review): `!=` is a numeric comparison, so a non-numeric value such as
# "yes" or "true" evaluates to 0 and leaves hardening switched off. Set the
# variable to a number (e.g. 1), or confirm that this behaviour is intended.
if (defined($ENV{'DEB_BUILD_HARDENING'}) && $ENV{'DEB_BUILD_HARDENING'}!='0') {
# Per-feature switches: each DEB_BUILD_HARDENING_* variable, when present in
# the environment, replaces the default of 1 for that feature. The value is
# copied as-is; how it is later tested is not visible in this excerpt.
my $use_stack = defined($ENV{'DEB_BUILD_HARDENING_STACKPROTECTOR'}) ?
$ENV{'DEB_BUILD_HARDENING_STACKPROTECTOR'} : 1;
my $use_format = defined($ENV{'DEB_BUILD_HARDENING_FORMAT'}) ?
$ENV{'DEB_BUILD_HARDENING_FORMAT'} : 1;
my $use_PIE = defined($ENV{'DEB_BUILD_HARDENING_PIE'}) ?
$ENV{'DEB_BUILD_HARDENING_PIE'} : 1;
my $use_fortify = defined($ENV{'DEB_BUILD_HARDENING_FORTIFY'}) ?
$ENV{'DEB_BUILD_HARDENING_FORTIFY'} : 1;
# Debug output stays off (0) unless DEB_BUILD_HARDENING_DEBUG is set.
# $debug carries no `my` here; presumably it is declared earlier in the
# file (confirm).
$debug = defined($ENV{'DEB_BUILD_HARDENING_DEBUG'}) ?
$ENV{'DEB_BUILD_HARDENING_DEBUG'} : 0;
# Walk the caller's compiler arguments one by one. The checks that follow
# look for options that appear to interact with the hardening defaults.
foreach my $arg (@ARGV) {
# Exact-match test against a set of flags (-fPIC, -D__KERNEL__, -nostdlib,
# -nostartfiles among them). Part of the condition and the action taken on
# a match are not shown in this excerpt.
# NOTE(review): presumably a match turns off the PIE default, since shared
# objects, kernel code and freestanding code are not built as position-
# independent executables; confirm against the full file.
if ($arg eq "-fPIC" ||
$arg eq "-D__KERNEL__" ||
$arg eq "-nostdlib" ||
$arg eq "-nostartfiles")
# Matches -D_FORTIFY_SOURCE with or without a value (including =0), i.e. the
# caller has already made its own choice. The branch body is not shown.
# NOTE(review): presumably it clears $use_fortify so the wrapper does not
# add a second, conflicting definition; confirm against the full file.
if ($arg =~ /^-D_FORTIFY_SOURCE(=|$)/) {
# Enable SSP by default (disable with -fno-stack-protector)
# NOTE(review): plain -fstack-protector instruments only the functions GCC's
# heuristic considers at risk (for example those with character arrays or
# alloca); functions outside that heuristic get no canary. Newer GCC
# releases provide -fstack-protector-strong for wider coverage.
push(@args,'-fstack-protector');
# Enable -fPIE by default (disable with -nopie)
# Enable glibc protections by default (-O2 should already be defined...)
# (disable with -D_FORTIFY_SOURCE=0)
# glibc honours _FORTIFY_SOURCE only when the compiler is optimising. The
# lines shown here add no -O flag, so an unoptimised build gets no fortified
# calls even though the macro is defined.
push(@args,'-D_FORTIFY_SOURCE=2');
# Enable format string checking (disable with -Wno-format)
# These are warnings only: a format-string problem is reported but does not
# fail the build (that would need -Werror=format-security).
# NOTE(review): GCC documents the second option as -Wformat-security;
# confirm that the '=' spelling used here is accepted by the compiler in use.
push(@args,'-Wformat','-Wformat=security');
# Final command line: wrapper-added flags first, the caller's arguments
# last, so a later caller option (e.g. -fno-stack-protector) can override a
# default added here. "g++.real" has no directory component, so exec
# resolves it through PATH; the build environment's PATH therefore decides
# which compiler binary actually runs.
my @target = ("g++.real", @args, @ARGV);
# With debugging enabled, echo the complete command line to STDERR so the
# flags that were actually applied can be checked in the build log.
print STDERR join(" ",@target),"\n" if ($debug);
# exec replaces this process with the real compiler, so `die` is reached
# only when exec itself fails. The arguments are passed as a list and are
# not re-parsed by a shell.
exec @target or die "Unable to exec $target[0]: $!\n";