projects
/
openwrt
/
openwrt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
include/feeds.mk: fix distfeeds.conf without per-feed repos
[openwrt/openwrt.git]
/
include
/
hardening.mk
diff --git
a/include/hardening.mk
b/include/hardening.mk
index c277081c510773620345bf03d9a6a6d3fe060b95..60f39428e83e92ec52e45a181686b58cbadec039 100644
(file)
--- a/
include/hardening.mk
+++ b/
include/hardening.mk
@@
-6,6
+6,7
@@
#
PKG_CHECK_FORMAT_SECURITY ?= 1
#
PKG_CHECK_FORMAT_SECURITY ?= 1
+PKG_ASLR_PIE ?= 1
PKG_SSP ?= 1
PKG_FORTIFY_SOURCE ?= 1
PKG_RELRO ?= 1
PKG_SSP ?= 1
PKG_FORTIFY_SOURCE ?= 1
PKG_RELRO ?= 1
@@
-15,6
+16,12
@@
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
+ifdef CONFIG_PKG_ASLR_PIE
+ ifeq ($(strip $(PKG_ASLR_PIE)),1)
+ TARGET_CFLAGS += $(FPIC)
+ TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
+ endif
+endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector