|
@@ -715,6 +715,7 @@ comment "Security Hardening Options"
|
|
|
|
|
|
|
|
config BR2_PIC_PIE
|
|
config BR2_PIC_PIE
|
|
|
bool "Build code with PIC/PIE"
|
|
bool "Build code with PIC/PIE"
|
|
|
|
|
+ default y
|
|
|
depends on BR2_SHARED_LIBS
|
|
depends on BR2_SHARED_LIBS
|
|
|
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
|
|
depends on BR2_TOOLCHAIN_SUPPORTS_PIE
|
|
|
help
|
|
help
|
|
@@ -727,7 +728,9 @@ comment "PIC/PIE needs a toolchain w/ PIE"
|
|
|
|
|
|
|
|
choice
|
|
choice
|
|
|
bool "Stack Smashing Protection"
|
|
bool "Stack Smashing Protection"
|
|
|
- default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
|
|
|
|
|
|
|
+ default BR2_SSP_ALL if BR2_ENABLE_SSP
|
|
|
|
|
+ default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
|
|
|
|
|
+ default BR2_SSP_REGULAR
|
|
|
depends on BR2_TOOLCHAIN_HAS_SSP
|
|
depends on BR2_TOOLCHAIN_HAS_SSP
|
|
|
help
|
|
help
|
|
|
Enable stack smashing protection support using GCC's
|
|
Enable stack smashing protection support using GCC's
|
|
@@ -789,6 +792,8 @@ comment "Stack Smashing Protection needs a toolchain w/ SSP"
|
|
|
|
|
|
|
|
choice
|
|
choice
|
|
|
bool "RELRO Protection"
|
|
bool "RELRO Protection"
|
|
|
|
|
+ default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
|
|
|
|
|
+ default BR2_RELRO_PARTIAL
|
|
|
depends on BR2_SHARED_LIBS
|
|
depends on BR2_SHARED_LIBS
|
|
|
help
|
|
help
|
|
|
Enable a link-time protection know as RELRO (RELocation Read
|
|
Enable a link-time protection know as RELRO (RELocation Read
|
|
@@ -825,6 +830,7 @@ comment "RELocation Read Only (RELRO) needs shared libraries"
|
|
|
|
|
|
|
|
choice
|
|
choice
|
|
|
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
|
|
bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
|
|
|
|
|
+ default BR2_FORTIFY_SOURCE_1
|
|
|
depends on BR2_TOOLCHAIN_USES_GLIBC
|
|
depends on BR2_TOOLCHAIN_USES_GLIBC
|
|
|
depends on !BR2_OPTIMIZE_0
|
|
depends on !BR2_OPTIMIZE_0
|
|
|
help
|
|
help
|
Fabrice Fontaine