hardening: enable regular SSP support by default

[openwrt/svn-archive/archive.git] / config / Config-build.in

diff --git a/config/Config-build.in b/config/Config-build.in
index 82ec0d6d0a780846e2819dc9b7a1a1a67455a485..42b8e8e5e3acb27e17a832ef6359b43ccc38b955 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -219,7 +219,7 @@ menu "Global build settings"
 
        choice
                prompt "User space Stack-Smashing Protection"
-               default PKG_CC_STACKPROTECTOR_NONE
+               default PKG_CC_STACKPROTECTOR_REGULAR
                help
                  Enable GCC Stack Smashing Protection (SSP) for userspace applications
                config PKG_CC_STACKPROTECTOR_NONE
@@ -237,7 +237,7 @@ menu "Global build settings"
 
        choice
                prompt "Kernel space Stack-Smashing Protection"
-               default KERNEL_CC_STACKPROTECTOR_NONE
+               default KERNEL_CC_STACKPROTECTOR_REGULAR
                help
                  Enable GCC Stack-Smashing Protection (SSP) for the kernel
                config KERNEL_CC_STACKPROTECTOR_NONE
@@ -270,6 +270,7 @@ menu "Global build settings"
 
        choice
                prompt "Enable RELRO protection"
+               default PKG_RELRO_FULL
                help
                  Enable a link-time protection known as RELRO (Relocation Read Only)
                  which helps to protect from certain type of exploitation techniques