hardening: enable RELRO by default

[openwrt/openwrt.git] / config / Config-build.in

diff --git a/config/Config-build.in b/config/Config-build.in
index 78582ab415f2b1dde22e050e3229a511999723e0..0584820cddfd8bd6285c1a52fcb0088e9cd5d16e 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -16,6 +16,7 @@ menu "Global build settings"
 
        config SIGNED_PACKAGES
                bool "Cryptographically signed package lists"
+               default y
 
        comment "General build options"
 
@@ -210,7 +211,7 @@ menu "Global build settings"
        config PKG_CHECK_FORMAT_SECURITY
                bool
                prompt "Enable gcc format-security"
-               default n
+               default y
                help
                  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
                  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
@@ -269,6 +270,7 @@ menu "Global build settings"
 
        choice
                prompt "Enable RELRO protection"
+               default PKG_RELRO_FULL
                help
                  Enable a link-time protection known as RELRO (Relocation Read Only)
                  which helps to protect from certain type of exploitation techniques