buildsystem: Make PIE ASLR option tristate

[openwrt/staging/wigyori.git] / config / Config-build.in

diff --git a/config/Config-build.in b/config/Config-build.in
index c0e4d869f873dcdef39c42061dded021c9b02b22..59dfaea8bb9bd7a90ed17e5d6316376bda3ad6a7 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -216,11 +216,10 @@ menu "Global build settings"
                  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
                  Makefile.
 
-       config PKG_ASLR_PIE
-               bool
+       choice
                prompt "User space ASLR PIE compilation"
-               select BUSYBOX_DEFAULT_PIE
-               default n
+               default PKG_ASLR_PIE_NONE if ((SMALL_FLASH || LOW_MEMORY_FOOTPRINT) && !SDK)
+               default PKG_ASLR_PIE_REGULAR
                help
                  Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
                  This enables package build as Position Independent Executables (PIE)
@@ -231,6 +230,21 @@ menu "Global build settings"
                  to predict when an attacker is attempting a memory-corruption exploit.
                  You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
                  Makefile.
+                 Be ware that ASLR increases the binary size.
+               config PKG_ASLR_PIE_NONE
+                       bool "None"
+                       help
+                         PIE is deactivated for all applications
+               config PKG_ASLR_PIE_REGULAR
+                       bool "Regular"
+                       help
+                         PIE is activated for some binaries, mostly network exposed applications
+               config PKG_ASLR_PIE_ALL
+                       bool "All"
+                       select BUSYBOX_DEFAULT_PIE
+                       help
+                         PIE is activated for all applications
+       endchoice
 
        choice
                prompt "User space Stack-Smashing Protection"