X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=a082a5e0e2ed9ad3e9749440c3f244aee8668072;hb=9685f3978795727ac99d5d20a4af16c808b1e24b;hp=7ec7653a9ab708230a1a51c8210369de642120ea;hpb=dc555d003c21679c8c94ac7f5c74cbd5cd089ae0;p=openwrt%2Fstaging%2Fwigyori.git

diff --git a/config/Config-build.in b/config/Config-build.in
index 7ec7653a9a..a082a5e0e2 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -184,6 +184,22 @@ menu "Global build settings"
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
 		  Makefile.
 
+	config PKG_ASLR_PIE
+		bool
+		prompt "User space ASLR PIE compilation"
+		select BUSYBOX_DEFAULT_PIE
+		default n
+		help
+		  Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
+		  This enables package build as Position Independent Executables (PIE)
+		  to protect against "return-to-text" attacks. This belongs to the
+		  feature of Address Space Layout Randomisation (ASLR), which is
+		  implemented by the kernel and the ELF loader by randomising the
+		  location of memory allocations. This makes memory addresses harder
+		  to predict when an attacker is attempting a memory-corruption exploit.
+		  You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
+		  Makefile.
+
 	choice
 		prompt "User space Stack-Smashing Protection"
 		depends on USE_MUSL
@@ -194,11 +210,11 @@ menu "Global build settings"
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT if !USE_MUSL
+			select GCC_LIBSSP if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT if !USE_MUSL
+			select GCC_LIBSSP if !USE_MUSL
 			depends on !GCC_VERSION_4_8
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice