From 0884f3e7fe69325a14644c24a466832b7e2e292b Mon Sep 17 00:00:00 2001
From: "Shao,Ting" <ting.shao@intel.com>
Date: Thu, 3 May 2018 16:51:56 +0800
Subject: [PATCH] build: add '-z relro -z now' linker flags

These flags could make some sections and the GOT entries of node
process read only to avoid being modified after dynamic linking is
done, thus the security could be enhanced.

Fixes: https://github.com/nodejs/node/issues/20122
---
 node.gypi | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/node.gypi b/node.gypi
index 0d66a842ad4de1..fd7c70a12b15f4 100644
--- a/node.gypi
+++ b/node.gypi
@@ -291,7 +291,10 @@
     [ 'OS=="sunos"', {
       'ldflags': [ '-Wl,-M,/usr/lib/ld/map.noexstk' ],
     }],
-
+    [ 'OS in "freebsd linux"', {
+      'ldflags': [ '-Wl,-z,relro',
+                   '-Wl,-z,now' ]
+    }],
     [ 'node_use_openssl=="true"', {
       'defines': [ 'HAVE_OPENSSL=1' ],
       'conditions': [