staging/kaloz/include/hardening.mk, branch masterStaging tree of Imre Kalozhttps://git.openwrt.org/openwrt/staging/kaloz/atom?h=master2018-01-27T15:46:45Zbuild: add hardened builds with PIE (ASLR) support2018-01-27T15:46:45ZJulien Dusser2018-01-08T22:47:06Zurn:sha1:df0bd42fdeb76c9bc51b816c3df699db123c0024
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
hardening: make override variables more intuitive2015-06-24T10:57:14ZSteven Barth2015-06-24T10:57:14Zurn:sha1:6010a1cdb729aefdb1121b29b26347c664e20fff
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46119
gcc/musl: rework SSP-support2015-06-22T10:31:07ZSteven Barth2015-06-22T10:31:07Zurn:sha1:1877bc9d8f2be143fbe530347a945850d0ecd234
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46108
buildroot: move hardening options into separate file2015-06-20T17:37:18ZSteven Barth2015-06-20T17:37:18Zurn:sha1:fc5f02410f27de8b2b97a8edccb859773094591e
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46070