author | Michael Olbrich <m.olbrich@pengutronix.de> | 2016-06-17 16:22:21 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2016-06-17 16:23:06 +0200 |
commit | 73e71be0770721cdd55f9e5873ba4aa1d3b38cd7 (patch) | |
tree | 84c8d6c4ccaa799d7cbf5a39ebb7e67abd1347aa | |
parent | b99110b865addaee590be867e182173e088c8265 (diff) | |
download | ptxdist-73e71be0770721cdd55f9e5873ba4aa1d3b38cd7.tar.gz ptxdist-73e71be0770721cdd55f9e5873ba4aa1d3b38cd7.tar.xz |
wrapper: add more stack protector options
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | platforms/toolchain_hardening.in | 23 | ||||
-rw-r--r-- | scripts/wrapper/libwrapper.sh | 2 |
2 files changed, 22 insertions, 3 deletions
diff --git a/platforms/toolchain_hardening.in b/platforms/toolchain_hardening.in
index cb81798b2..291d5a834 100644
--- a/platforms/toolchain_hardening.in
+++ b/platforms/toolchain_hardening.in
@@ -2,9 +2,8 @@ menu "hardening options "
-config TARGET_HARDEN_STACK
- bool
- prompt "Enable stack protector (cc -fstack-protector)"
+choice
+ prompt "Stack Protector"
 help
 This is a mainline GCC feature, which adds safety checks against stack overwrites. This renders many potential code injection
@@ -13,6 +12,24 @@ config TARGET_HARDEN_STACK
 non-issues (depending on the application).
 http://en.wikipedia.org/wiki/Stack-smashing_protection
+config TARGET_HARDEN_STACK_NONE
+ bool
+ prompt "disabled "
+
+config TARGET_HARDEN_STACK
+ bool
+ prompt "cc -fstack-protector "
+
+config TARGET_HARDEN_STACK_STRONG
+ bool
+ prompt "cc -fstack-protector-strong"
+
+config TARGET_HARDEN_STACK_ALL
+ bool
+ prompt "cc -fstack-protector-all "
+
+endchoice
+
 config TARGET_HARDEN_FORTIFY
 bool
 prompt "Enable glibc protections (cc -D_FORTIFY_SOURCE=2)"
diff --git a/scripts/wrapper/libwrapper.sh b/scripts/wrapper/libwrapper.sh
index 665f2c764..113825e8d 100644
--- a/scripts/wrapper/libwrapper.sh
+++ b/scripts/wrapper/libwrapper.sh
@@ -168,6 +168,8 @@ cc_add_fortify() {
 cc_add_stack() {
 if ${STDLIB}; then
 add_opt_arg TARGET_HARDEN_STACK "-fstack-protector" "--param=ssp-buffer-size=4"
+ add_opt_arg TARGET_HARDEN_STACK_STRONG "-fstack-protector-strong"
+ add_opt_arg TARGET_HARDEN_STACK_ALL "-fstack-protector-all"
 fi
 } |
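Review bot: In the second hunk of platforms/toolchain_hardening.in, TARGET_HARDEN_STACK_STRONG can be selected with any toolchain, but `-fstack-protector-strong` only exists from GCC 4.9 on, so choosing it with an older compiler would make every wrapped compile stop on an unrecognised option. If the tree has a symbol for the compiler version (none is visible in this hunk), the entry should depend on it; otherwise the limit belongs in the entry's help. The one help text sits on the `choice` from the first hunk and does not say how the three levels differ, so each entry could carry a short `help`, for STRONG something like `Also protects functions with any local array or a local whose address is taken.` The choice has no `default` line, so it falls to the first entry (disabled); `default TARGET_HARDEN_STACK_NONE` would make that explicit if it is intended.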
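Review bot: In cc_add_stack() in scripts/wrapper/libwrapper.sh the two added `add_opt_arg` lines leave out the `--param=ssp-buffer-size=4` that the plain variant passes, and nothing says why. GCC documents the strong and all modes as choosing functions without that size threshold, so the omission looks deliberate; a comment above the new lines would record it, e.g. `# strong/all do not select functions by buffer size, so no ssp-buffer-size here`. add_opt_arg is defined outside the hunk, so how it looks up the option name cannot be checked from here; it is worth confirming that TARGET_HARDEN_STACK is matched exactly and not as a prefix of the two new names.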