X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=a082a5e0e2ed9ad3e9749440c3f244aee8668072;hb=d12d81f8d41d8169c1299375ff15c232231d972c;hp=f3f1930bb8e67b85306b6bdcd9e7d630559da09a;hpb=ce731158c86b0b7f78461a264920ac777f44d921;p=openwrt%2Fopenwrt.git

diff --git a/config/Config-build.in b/config/Config-build.in
index f3f1930bb8..a082a5e0e2 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -9,15 +9,16 @@ menu "Global build settings"
 
 	config ALL_NONSHARED
 		bool "Select all target specific packages by default"
-		default ALL || BUILDBOT
+		select ALL_KMODS
+		default BUILDBOT
 
 	config ALL_KMODS
 		bool "Select all kernel module packages by default"
-		default ALL
 
 	config ALL
 		bool "Select all userspace packages by default"
-		default n
+		select ALL_KMODS
+		select ALL_NONSHARED
 
 	config BUILDBOT
 		bool "Set build defaults for automatic builds (e.g. via buildbot)"
@@ -40,7 +41,7 @@ menu "Global build settings"
 		default n
 
 	config BUILD_PATENTED
-		default y
+		default n
 		bool "Compile with support for patented functionality"
 		help
 		  When this option is disabled, software which provides patented functionality
@@ -183,6 +184,22 @@ menu "Global build settings"
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
 		  Makefile.
 
+	config PKG_ASLR_PIE
+		bool
+		prompt "User space ASLR PIE compilation"
+		select BUSYBOX_DEFAULT_PIE
+		default n
+		help
+		  Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
+		  This enables package build as Position Independent Executables (PIE)
+		  to protect against "return-to-text" attacks. This belongs to the
+		  feature of Address Space Layout Randomisation (ASLR), which is
+		  implemented by the kernel and the ELF loader by randomising the
+		  location of memory allocations. This makes memory addresses harder
+		  to predict when an attacker is attempting a memory-corruption exploit.
+		  You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
+		  Makefile.
+
 	choice
 		prompt "User space Stack-Smashing Protection"
 		depends on USE_MUSL
@@ -193,11 +210,11 @@ menu "Global build settings"
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT if !USE_MUSL
+			select GCC_LIBSSP if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT if !USE_MUSL
+			select GCC_LIBSSP if !USE_MUSL
 			depends on !GCC_VERSION_4_8
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice