Hello everyone,
I’m currently maintaining an iOS app that includes a Kotlin Multiplatform dependency, built and integrated as an .xcframework.
Here’s a snippet from my build.gradle.kts that shows the setup for building the xcframework:
...
kotlin {
val xcFramework = XCFramework()
androidTarget {
@OptIn(ExperimentalKotlinGradlePluginApi::class)
compilerOptions.jvmTarget.set(JvmTarget.JVM_1_8)
}
iosX64 {
binaries.framework {
xcFramework.add(this)
}
}
iosArm64 {
binaries.framework {
xcFramework.add(this)
}
}
iosSimulatorArm64 {
binaries.framework {
xcFramework.add(this)
}
}
cocoapods {
version = releaseVersion
name = libraryName
ios.deploymentTarget = "14.0"
extraSpecAttributes["vendored_frameworks"] = "'$libraryName.xcframework'"
framework {
baseName = libraryName
}
}
...
I’m building the xcframework with ./gradlew podPublishReleaseXCFramework.
Here’s my issue:
A recent security audit revealed that this framework has Stack Canaries disabled, making the library vulnerable to stack-smashing attacks. The suggested solution is to add the -fstack-protector-all flag, but as I understand, this is specific to C compilers and isn’t directly applicable in my case.
Is there any way to enable stack canaries for xcframeworks built with Kotlin Multiplatform? I appreciate any help.