X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;ds=sidebyside;f=config%2FConfig-build.in;h=a082a5e0e2ed9ad3e9749440c3f244aee8668072;hb=6dd94c2781b79ffd20f1a57a48fa2314d67ee190;hp=f9987fcd2bb7118b5f1bb90e9d734293a2a729d0;hpb=589621b1c03c25e6436d30aaa508aef2484244a6;p=openwrt%2Fstaging%2Fwigyori.git diff --git a/config/Config-build.in b/config/Config-build.in index f9987fcd2b..a082a5e0e2 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -41,7 +41,7 @@ menu "Global build settings" default n config BUILD_PATENTED - default y + default n bool "Compile with support for patented functionality" help When this option is disabled, software which provides patented functionality @@ -184,6 +184,22 @@ menu "Global build settings" this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package Makefile. + config PKG_ASLR_PIE + bool + prompt "User space ASLR PIE compilation" + select BUSYBOX_DEFAULT_PIE + default n + help + Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS. + This enables package build as Position Independent Executables (PIE) + to protect against "return-to-text" attacks. This belongs to the + feature of Address Space Layout Randomisation (ASLR), which is + implemented by the kernel and the ELF loader by randomising the + location of memory allocations. This makes memory addresses harder + to predict when an attacker is attempting a memory-corruption exploit. + You can disable this per package by adding PKG_ASLR_PIE:=0 in the package + Makefile. + choice prompt "User space Stack-Smashing Protection" depends on USE_MUSL @@ -194,11 +210,11 @@ menu "Global build settings" bool "None" config PKG_CC_STACKPROTECTOR_REGULAR bool "Regular" - select SSP_SUPPORT if !USE_MUSL + select GCC_LIBSSP if !USE_MUSL depends on KERNEL_CC_STACKPROTECTOR_REGULAR config PKG_CC_STACKPROTECTOR_STRONG bool "Strong" - select SSP_SUPPORT if !USE_MUSL + select GCC_LIBSSP if !USE_MUSL depends on !GCC_VERSION_4_8 depends on KERNEL_CC_STACKPROTECTOR_STRONG endchoice