include/hardening.mk

   1 #
   2 # Copyright (C) 2015 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 PKG_CHECK_FORMAT_SECURITY ?= 1
   9 PKG_CC_STACKPROTECTOR_REGULAR ?= 1
  10 PKG_CC_STACKPROTECTOR_STRONG ?= 1
  11 PKG_FORTIFY_SOURCE_1 ?= 1
  12 PKG_FORTIFY_SOURCE_2 ?= 1
  13 PKG_RELRO_PARTIAL ?= 1
  14 PKG_RELRO_FULL ?= 1
  15
  16 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
  17   ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
  18     TARGET_CFLAGS += -Wformat -Werror=format-security
  19   endif
  20 endif
  21 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
  22   ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
  23     TARGET_CFLAGS += -fstack-protector
  24     TARGET_LDFLAGS += -fstack-protector
  25   endif
  26 endif
  27 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
  28   ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
  29     TARGET_CFLAGS += -fstack-protector-strong
  30     TARGET_LDFLAGS += -fstack-protector-strong
  31   endif
  32 endif
  33 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
  34   ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
  35     TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
  36   endif
  37 endif
  38 ifdef CONFIG_PKG_FORTIFY_SOURCE_2
  39   ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
  40     TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
  41   endif
  42 endif
  43 ifdef CONFIG_PKG_RELRO_PARTIAL
  44   ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
  45     TARGET_CFLAGS += -Wl,-z,relro
  46     TARGET_LDFLAGS += -zrelro
  47   endif
  48 endif
  49 ifdef CONFIG_PKG_RELRO_FULL
  50   ifeq ($(strip $(PKG_RELRO_FULL)),1)
  51     TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
  52     TARGET_LDFLAGS += -znow -zrelro
  53   endif
  54 endif
  55