authorRoland Hieber <rhi@pengutronix.de>2019-03-11 00:40:44 +0100
committerRobert Schwebel <r.schwebel@pengutronix.de>2019-03-11 06:47:41 +0100
commit47bb269dabbf9d8650efa62254a65c0f5c97ea96 (patch)
tree0c77eb0dc88307548fa515708d127a70bc47ebbe /configs
parent34c74772447918d0718532486b5db5796d53da4b (diff)
v8a: enable gcc stack clash protection
This setting was introduced in PTXdist 2019.03.0: Generate code to prevent stack clash style attacks. When this option is enabled, the compiler will only allocate one page of stack space at a time and each page is accessed immediately after allocation. Thus, it prevents allocations from jumping over any stack guard page provided by the operating system. Make use of it to get more secure binaries with gcc-8's new -fstack-clash-protection option. Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Diffstat (limited to 'configs')
-rw-r--r--configs/platform-v8a/platformconfig2
1 files changed, 1 insertions, 1 deletions
diff --git a/configs/platform-v8a/platformconfig b/configs/platform-v8a/platformconfig
index 711e261..0755c55 100644
--- a/configs/platform-v8a/platformconfig
+++ b/configs/platform-v8a/platformconfig
@@ -78,7 +78,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
PTXCONF_TARGET_HARDEN_STACK=y
# PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
# PTXCONF_TARGET_HARDEN_STACK_ALL is not set
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
PTXCONF_TARGET_HARDEN_FORTIFY=y
PTXCONF_TARGET_HARDEN_RELRO=y
PTXCONF_TARGET_HARDEN_BINDNOW=y
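Review bot: Whether `PTXCONF_TARGET_HARDEN_STACKCLASH=y` delivers the page-by-page probing the description promises on this AArch64 platform depends on the toolchain, which the hunk does not show. As far as I know, GCC only gained its AArch64-specific stack-clash implementation in GCC 9, so a gcc-8 build may fall back to less complete generic probing. On GCC 9 and later the default AArch64 probing interval is 64 KiB rather than one 4 KiB page, which matters if thread stacks have only a single 4 KiB guard page; `--param stack-clash-protection-guard-size=12` selects 4 KiB there. It would be worth stating the v8a toolchain version in the commit message and confirming on a built binary that large stack allocations are actually probed.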