staging/blogic/include/hardening.mk, branch masterJohn Crispins staging treehttps://git.openwrt.org/openwrt/staging/blogic/atom?h=master2018-07-30T12:26:16Zbuild: fix ASLR for LTO packages2018-07-30T12:26:16ZJulien Dusser2018-07-17T16:29:34Zurn:sha1:4dfa6b7a300188db2d97a291f9c1303286a6bcc5
Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.
Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker
command line, even if all objects are -fPIC. This may change as PR
lto/80838 is merged into 8.1
compile-tested: ar71xx, ath79
Fix commits:
6dac92a42e052f89971762173daabb7fd84742ef
8c11133c9de632dca69c8464f911d8e2716effe2
07940acc341ee9bb2887359f193625e48f36207e
e7397eef69a20fc630148d0e597523e139d21c0c
ef16a394d2b24a363b50b5b4720cb23fe156c9da
ef96d1e34a990871c912938c336f51a510b1e32f
47b42137ce1e931ae5871952b1f98438396f5e07
73fc67b61480a3430d31de33478a1c0c2c364b9c
154c0c4006daf41e2cbb6c8b7ad5557f83dfea3e
804c51e1e661819c5a7532e66fb8a12166eef9a9
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
build: ASLR hardening use $(FPIC)2018-07-03T13:19:10ZKevin Darbyshire-Bryant2018-06-09T08:11:24Zurn:sha1:89b59994eb44b5cd2fac594144c20c63fd05ef25
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
build: add hardened builds with PIE (ASLR) support2018-01-27T15:46:45ZJulien Dusser2018-01-08T22:47:06Zurn:sha1:df0bd42fdeb76c9bc51b816c3df699db123c0024
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
hardening: make override variables more intuitive2015-06-24T10:57:14ZSteven Barth2015-06-24T10:57:14Zurn:sha1:6010a1cdb729aefdb1121b29b26347c664e20fff
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46119
gcc/musl: rework SSP-support2015-06-22T10:31:07ZSteven Barth2015-06-22T10:31:07Zurn:sha1:1877bc9d8f2be143fbe530347a945850d0ecd234
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46108
buildroot: move hardening options into separate file2015-06-20T17:37:18ZSteven Barth2015-06-20T17:37:18Zurn:sha1:fc5f02410f27de8b2b97a8edccb859773094591e
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46070