author | Roland Hieber <rhi@pengutronix.de> | 2019-03-11 00:40:38 +0100 |
---|---|---|
committer | Robert Schwebel <r.schwebel@pengutronix.de> | 2019-03-11 06:47:41 +0100 |
commit | bdc5584b15cd2aefcbfc7e355076ede829b85fd6 (patch) | |
tree | f598240211c78c074559f9f22b90e9cda568c71f | |
parent | b9a40535aed91a201e70e13aad722d2d589fff2c (diff) | |
rpi: enable gcc stack clash protection
This setting was introduced in PTXdist 2019.03.0:
Generate code to prevent stack clash style attacks. When this
option is enabled, the compiler will only allocate one page of
stack space at a time and each page is accessed immediately after
allocation. Thus, it prevents allocations from jumping over any
stack guard page provided by the operating system.
Make use of it to get more secure binaries with gcc-8's new
-fstack-clash-protection option.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
-rw-r--r-- | configs/platform-rpi/platformconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/configs/platform-rpi/platformconfig b/configs/platform-rpi/platformconfig index 657fb42..d6808b5 100644 --- a/configs/platform-rpi/platformconfig +++ b/configs/platform-rpi/platformconfig @@ -80,7 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}" # PTXCONF_TARGET_HARDEN_STACK is not set PTXCONF_TARGET_HARDEN_STACK_STRONG=y # PTXCONF_TARGET_HARDEN_STACK_ALL is not set -# PTXCONF_TARGET_HARDEN_STACKCLASH is not set +PTXCONF_TARGET_HARDEN_STACKCLASH=y PTXCONF_TARGET_HARDEN_FORTIFY=y PTXCONF_TARGET_HARDEN_RELRO=y PTXCONF_TARGET_HARDEN_BINDNOW=y |
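Review bot: Enabling PTXCONF_TARGET_HARDEN_STACKCLASH=y in the @@ -80,7 +80,7 @@ hunk assumes a toolchain that accepts -fstack-clash-protection, which the commit message ties to gcc-8, but nothing in the visible lines shows which compiler version platform-rpi is configured to use. Please confirm that the platform's toolchain is gcc 8 or newer, or name the toolchain in the commit message, so that a build with an older compiler does not fail on an unknown flag. Since the option changes how stack allocations are compiled, it would also help to state whether the rpi images were rebuilt and booted with it enabled. The neighbouring PTXCONF_TARGET_HARDEN_STACK_STRONG, FORTIFY, RELRO and BINDNOW settings are left as they were, which fits the one-line scope of the change.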