adjust build options to harden binaries

enable hardware-enforced stack protection on compatible hardware/software (/CETCOMPAT linker option) enable QSpectre protection enable Control Flow Guard issues were found by Microsoft BinSkim
2 years ago · 55580d33b7
1 changed files with 9 additions and 0 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -35,6 +35,15 @@ find_package(OpenSSL REQUIRED)

 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -DDEBUG")

+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
+set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
+
+if(NOT (${CMAKE_C_COMPILER_ARCHITECTURE_ID} STREQUAL "ARM64"))
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
+endif()
+
 target_link_libraries(${PROJECT_NAME} PRIVATE
    OpenSSL::SSL
    Wtsapi32.lib