path: root/include/hardening.mk
Commit message | Author | Age | Files | Lines
* build: fix ASLR for LTO packages | Julien Dusser | 2018-07-30 | 1 | -1/+1

  Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.

  Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker command line, even if all objects are -fPIC. This may change as PR lto/80838 is merged into 8.1

  compile-tested: ar71xx, ath79

  Fix commits:
  6dac92a42e052f89971762173daabb7fd84742ef
  8c11133c9de632dca69c8464f911d8e2716effe2
  07940acc341ee9bb2887359f193625e48f36207e
  e7397eef69a20fc630148d0e597523e139d21c0c
  ef16a394d2b24a363b50b5b4720cb23fe156c9da
  ef96d1e34a990871c912938c336f51a510b1e32f
  47b42137ce1e931ae5871952b1f98438396f5e07
  73fc67b61480a3430d31de33478a1c0c2c364b9c
  154c0c4006daf41e2cbb6c8b7ad5557f83dfea3e
  804c51e1e661819c5a7532e66fb8a12166eef9a9

  Signed-off-by: Julien Dusser <julien.dusser@free.fr>

* build: ASLR hardening use $(FPIC) | Kevin Darbyshire-Bryant | 2018-07-03 | 1 | -1/+1

  Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

* build: add hardened builds with PIE (ASLR) support | Julien Dusser | 2018-01-27 | 1 | -0/+7

  Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support.

  Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks.

  Busybox needs special care: the link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

  If other failing packages are found, PKG_ASLR_PIE:=0 should be added to their Makefiles.

  Original Work by: Yongkui Han <yonhan@cisco.com>
  Signed-off-by: Julien Dusser <julien.dusser@free.fr>

* hardening: make override variables more intuitive | Steven Barth | 2015-06-24 | 1 | -12/+9

  Signed-off-by: Steven Barth <steven@midlink.org>
  SVN-Revision: 46119

* gcc/musl: rework SSP-support | Steven Barth | 2015-06-22 | 1 | -2/+0

  Make musl provide libssp_nonshared.a and make GCC link it unconditionally if musl is used. This should be a no-op if SSP is disabled and seems to be the only reliable way of dealing with SSP over all packages due to the mess that is linkerflags handling in packages.

  Signed-off-by: Steven Barth <steven@midlink.org>
  SVN-Revision: 46108

* buildroot: move hardening options into separate file | Steven Barth | 2015-06-20 | 1 | -0/+55

  Signed-off-by: Steven Barth <steven@midlink.org>
  SVN-Revision: 46070