From 2d4dd108296d327b874492fbd55ebbe00d003ef4 Mon Sep 17 00:00:00 2001
From: "Shao,Ting" <ting.shao@intel.com>
Date: Thu, 3 May 2018 16:51:56 +0800
Subject: [PATCH] build: add '-z relro -z now' linker flags

These flags could make some sections and the GOT entries of node
process read only to avoid being modified after dynamic linking is
done, thus the security could be enhanced.

Fixes: https://github.com/nodejs/node/issues/20122
PR-URL: https://github.com/nodejs/node/pull/20513
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 node.gypi | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/node.gypi b/node.gypi
index 0d66a842ad4de1..fd7c70a12b15f4 100644
--- a/node.gypi
+++ b/node.gypi
@@ -291,7 +291,10 @@
     [ 'OS=="sunos"', {
       'ldflags': [ '-Wl,-M,/usr/lib/ld/map.noexstk' ],
     }],
-
+    [ 'OS in "freebsd linux"', {
+      'ldflags': [ '-Wl,-z,relro',
+                   '-Wl,-z,now' ]
+    }],
     [ 'node_use_openssl=="true"', {
       'defines': [ 'HAVE_OPENSSL=1' ],
       'conditions': [