diff options
Diffstat (limited to 'include/hardening.mk')
| -rw-r--r-- | include/hardening.mk | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/include/hardening.mk b/include/hardening.mk index c277081c51..6acd862f5c 100644 --- a/include/hardening.mk +++ b/include/hardening.mk @@ -1,11 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-only # -# Copyright (C) 2015 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# +# Copyright (C) 2015-2020 OpenWrt.org PKG_CHECK_FORMAT_SECURITY ?= 1 +PKG_ASLR_PIE ?= 1 +PKG_ASLR_PIE_REGULAR ?= 0 PKG_SSP ?= 1 PKG_FORTIFY_SOURCE ?= 1 PKG_RELRO ?= 1 @@ -15,6 +14,18 @@ ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY TARGET_CFLAGS += -Wformat -Werror=format-security endif endif +ifdef CONFIG_PKG_ASLR_PIE_ALL + ifeq ($(strip $(PKG_ASLR_PIE)),1) + TARGET_CFLAGS += $(FPIC) + TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs + endif +endif +ifdef CONFIG_PKG_ASLR_PIE_REGULAR + ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1) + TARGET_CFLAGS += $(FPIC) + TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs + endif +endif ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR ifeq ($(strip $(PKG_SSP)),1) TARGET_CFLAGS += -fstack-protector |