toolchain: add BR2_USE_SSP option for stack protection support
Using the support in uClibc.
This commit is contained in:
parent
3b712a3d89
commit
503ab93cfe
|
@ -85,6 +85,15 @@ config BR2_SOFT_FLOAT
|
||||||
|
|
||||||
Most people will answer N.
|
Most people will answer N.
|
||||||
|
|
||||||
|
config BR2_USE_SSP
|
||||||
|
bool "Enable stack protection support"
|
||||||
|
help
|
||||||
|
Enable stack smashing protection support using GCCs
|
||||||
|
-fstack-protector[-all] option.
|
||||||
|
|
||||||
|
See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
|
||||||
|
for details.
|
||||||
|
|
||||||
choice
|
choice
|
||||||
prompt "Thread library implementation"
|
prompt "Thread library implementation"
|
||||||
default BR2_PTHREADS_OLD
|
default BR2_PTHREADS_OLD
|
||||||
|
|
|
@ -173,14 +173,18 @@ DEVEL_PREFIX="/usr/"
|
||||||
#
|
#
|
||||||
# uClibc security related options
|
# uClibc security related options
|
||||||
#
|
#
|
||||||
# UCLIBC_SECURITY is not set
|
|
||||||
# UCLIBC_BUILD_PIE is not set
|
# UCLIBC_BUILD_PIE is not set
|
||||||
# UCLIBC_HAS_ARC4RANDOM is not set
|
# UCLIBC_HAS_ARC4RANDOM is not set
|
||||||
# HAVE_NO_SSP is not set
|
# HAVE_NO_SSP is not set
|
||||||
# UCLIBC_HAS_SSP is not set
|
UCLIBC_HAS_SSP=y
|
||||||
|
# UCLIBC_HAS_SSP_COMPAT is not set
|
||||||
|
# SSP_QUICK_CANARY is not set
|
||||||
|
PROPOLICE_BLOCK_ABRT=y
|
||||||
|
# PROPOLICE_BLOCK_SEGV is not set
|
||||||
|
# UCLIBC_BUILD_SSP is not set
|
||||||
UCLIBC_BUILD_RELRO=y
|
UCLIBC_BUILD_RELRO=y
|
||||||
UCLIBC_BUILD_NOW=y
|
UCLIBC_BUILD_NOW=y
|
||||||
# UCLIBC_BUILD_NOEXECSTACK is not set
|
UCLIBC_BUILD_NOEXECSTACK=y
|
||||||
|
|
||||||
#
|
#
|
||||||
# uClibc development/debugging options
|
# uClibc development/debugging options
|
||||||
|
|
|
@ -196,12 +196,17 @@ DEVEL_PREFIX="/usr/"
|
||||||
# Security options
|
# Security options
|
||||||
#
|
#
|
||||||
# UCLIBC_BUILD_PIE is not set
|
# UCLIBC_BUILD_PIE is not set
|
||||||
UCLIBC_HAS_ARC4RANDOM=y
|
# UCLIBC_HAS_ARC4RANDOM is not set
|
||||||
# HAVE_NO_SSP is not set
|
# HAVE_NO_SSP is not set
|
||||||
# UCLIBC_HAS_SSP is not set
|
UCLIBC_HAS_SSP=y
|
||||||
|
# UCLIBC_HAS_SSP_COMPAT is not set
|
||||||
|
# SSP_QUICK_CANARY is not set
|
||||||
|
PROPOLICE_BLOCK_ABRT=y
|
||||||
|
# PROPOLICE_BLOCK_SEGV is not set
|
||||||
|
# UCLIBC_BUILD_SSP is not set
|
||||||
UCLIBC_BUILD_RELRO=y
|
UCLIBC_BUILD_RELRO=y
|
||||||
UCLIBC_BUILD_NOW=y
|
UCLIBC_BUILD_NOW=y
|
||||||
# UCLIBC_BUILD_NOEXECSTACK is not set
|
UCLIBC_BUILD_NOEXECSTACK=y
|
||||||
|
|
||||||
#
|
#
|
||||||
# uClibc development/debugging options
|
# uClibc development/debugging options
|
||||||
|
|
|
@ -302,6 +302,11 @@ else
|
||||||
$(SED) '/UCLIBC_HAS_FLOATS/d' \
|
$(SED) '/UCLIBC_HAS_FLOATS/d' \
|
||||||
-e 's,.*UCLIBC_HAS_FPU.*,UCLIBC_HAS_FPU=y\nHAS_FPU=y\nUCLIBC_HAS_FLOATS=y\n,g' \
|
-e 's,.*UCLIBC_HAS_FPU.*,UCLIBC_HAS_FPU=y\nHAS_FPU=y\nUCLIBC_HAS_FLOATS=y\n,g' \
|
||||||
$(UCLIBC_DIR)/.oldconfig
|
$(UCLIBC_DIR)/.oldconfig
|
||||||
|
endif
|
||||||
|
ifeq ($(BR2_USE_SSP),y)
|
||||||
|
$(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=y,g' $(UCLIBC_DIR)/.oldconfig
|
||||||
|
else
|
||||||
|
$(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=n,g' $(UCLIBC_DIR)/.oldconfig
|
||||||
endif
|
endif
|
||||||
$(SED) '/UCLIBC_HAS_THREADS/d' $(UCLIBC_DIR)/.oldconfig
|
$(SED) '/UCLIBC_HAS_THREADS/d' $(UCLIBC_DIR)/.oldconfig
|
||||||
$(SED) '/LINUXTHREADS/d' $(UCLIBC_DIR)/.oldconfig
|
$(SED) '/LINUXTHREADS/d' $(UCLIBC_DIR)/.oldconfig
|
||||||
|
|
Loading…
Reference in New Issue
Block a user