aboutsummaryrefslogtreecommitdiffstats
path: root/include/hardening.mk
Commit message (Collapse)AuthorAgeFilesLines
* build: ASLR hardening use $(FPIC)Kevin Darbyshire-Bryant2018-12-181-1/+1
| | | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 89b59994eb44b5cd2fac594144c20c63fd05ef25)
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-271-0/+7
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* hardening: make override variables more intuitiveSteven Barth2015-06-241-12/+9
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46119
* gcc/musl: rework SSP-supportSteven Barth2015-06-221-2/+0
| | | | | | | | | | | Make musl provide libssp_nonshared.a and make GCC link it unconditionally if musl is used. This should be a no-op if SSP is disabled and seems to be the only reliable way of dealing with SSP over all packages due to the mess that is linkerflags handling in packages. Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46108
* buildroot: move hardening options into separate fileSteven Barth2015-06-201-0/+55
Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46070