author | Jan Luebbe <jlu@pengutronix.de> | 2012-10-24 23:21:50 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2012-11-20 11:52:17 +0100 |
commit | 2a21a0e4c219211bf8d6596740e1a4740d4f65ad (patch) | |
tree | b3c10f0e3febadaf5e7aad671cdf789509131468 /platforms | |
parent | 335bb61b7afa564e984a34b62bb008d329651523 (diff) | |

wrapper: introduce a wrapper for cc, c++, cpp and ld

This is used to inject compiler and linker options without relying on the
build-systems to pass additional options to the tools.
It is used for options needed for cross-compiling, hardening flags and
other user defined options.
The wrapper also calls ccache if ptxdist is configured to use it.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

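
The flag injection described in the commit message, sketched as an added example; this is not ptxdist's wrapper script and is not part of the commit. It assumes the `TARGET_HARDEN_*` symbols reach the wrapper as environment variables set to `y`; `harden_flags`, `wrap` and the `REAL_TOOL` argument are hypothetical names.

```shell
#!/bin/sh
# Added example, not ptxdist's wrapper. Assumption: the Kconfig symbols
# reach the wrapper as environment variables set to "y".

# harden_flags KIND ARGS...   KIND is "cc" (compiler driver) or "ld".
# Prints the flags to add for this one invocation.
harden_flags() {
    kind=$1; shift
    link=1; pie=1; opt=0; out=""
    for arg in "$@"; do
        case $arg in
            -c|-S|-E)           link=0 ;;  # cc stops before the link step
            -shared|-static|-r) pie=0 ;;   # output is not a dynamic executable
            -fPIC|-fpic)        pie=0 ;;   # library object: -fPIE must not override
            -O0)                opt=0 ;;
            -O*)                opt=1 ;;   # the last -O option wins
        esac
    done
    if [ "$kind" = cc ]; then
        pfx="-Wl,"; sep=","
        if [ "${TARGET_HARDEN_STACK:-n}" = y ]; then out="$out -fstack-protector"; fi
        # glibc only fortifies optimised code and warns otherwise
        if [ "${TARGET_HARDEN_FORTIFY:-n}" = y ] && [ "$opt" = 1 ]; then
            out="$out -D_FORTIFY_SOURCE=2"
        fi
        if [ "${TARGET_HARDEN_PIE:-n}" = y ] && [ "$pie" = 1 ]; then out="$out -fPIE"; fi
    else
        # for ld, -c/-S/-E mean something else: it always links
        link=1; pfx=""; sep=" "
    fi
    if [ "$link" = 1 ]; then
        if [ "${TARGET_HARDEN_RELRO:-n}" = y ]; then out="$out ${pfx}-z${sep}relro"; fi
        if [ "${TARGET_HARDEN_BINDNOW:-n}" = y ]; then out="$out ${pfx}-z${sep}now"; fi
        if [ "${TARGET_HARDEN_PIE:-n}" = y ] && [ "$pie" = 1 ]; then out="$out -pie"; fi
    fi
    printf '%s\n' "${out# }"
}

# wrap KIND REAL_TOOL ARGS...   REAL_TOOL is the unwrapped binary (hypothetical).
# Added flags go first so options from the build system come later and can override.
wrap() {
    wkind=$1; real=$2; shift 2
    # Unquoted on purpose: the flag list must be split into words.
    exec "$real" $(harden_flags "$wkind" "$@") "$@"
}
```
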
Diffstat (limited to 'platforms')
-rw-r--r-- | platforms/toolchain_hardening.in | 50 |
-rw-r--r-- | platforms/toolchain_options.in | 29 |
2 files changed, 79 insertions, 0 deletions
diff --git a/platforms/toolchain_hardening.in b/platforms/toolchain_hardening.in new file mode 100644 index 000000000..cb81798b2 --- /dev/null +++ b/platforms/toolchain_hardening.in @@ -0,0 +1,50 @@ +## SECTION=architecture_options + +menu "hardening options " + +config TARGET_HARDEN_STACK + bool + prompt "Enable stack protector (cc -fstack-protector)" + help + This is a mainline GCC feature, which adds safety checks against + stack overwrites. This renders many potential code injection + attacks into aborting situations. In the best case this turns + code injection vulnerabilities into denial of service or into + non-issues (depending on the application). + http://en.wikipedia.org/wiki/Stack-smashing_protection + +config TARGET_HARDEN_FORTIFY + bool + prompt "Enable glibc protections (cc -D_FORTIFY_SOURCE=2)" + help + During code generation the compiler knows a great deal of + information about buffer sizes (where possible), and attempts to + replace insecure unlimited length buffer function calls with + length-limited ones. This is especially useful for old, crufty + code. + +config TARGET_HARDEN_RELRO + bool + prompt "Enable 'RELocation Read-Only' (ld -z relro)" + help + Several ELF sections need to be written to by the linker, but can + be turned read-only after starting. Most notably this prevents + GOT overwrites attacks. + +config TARGET_HARDEN_BINDNOW + bool + prompt "Enable 'Bind Now' (ld -z now)" + help + Perform all dynamic bindings at start-up instead of on-demand. + This prevents PLT overwrite attacks. + +config TARGET_HARDEN_PIE + bool + prompt "Enable 'Position Independent Executables' (-fPIE -pie)" + help + Position Independent Executable are needed for effective Address + Space Layout randomization. + http://en.wikipedia.org/wiki/ASLR + + +endmenu diff --git a/platforms/toolchain_options.in b/platforms/toolchain_options.in index 1277335ac..59a8ac81f 100644 --- a/platforms/toolchain_options.in +++ b/platforms/toolchain_options.in 
@@ -2,6 +2,35 @@ menu "extra toolchain options " +choice + prompt "linker hash-style" + default TARGET_LINKER_HASH_DEFAULT + + config TARGET_LINKER_HASH_DEFAULT + bool + prompt "default " + help + don't change the default linker hash style + + config TARGET_LINKER_HASH_SYSV + bool + prompt "sysv " + help + add "--hash-style=sysv" to the linker options + + config TARGET_LINKER_HASH_GNU + bool + prompt "gnu " + help + add "--hash-style=gnu" to the linker options + + config TARGET_LINKER_HASH_BOTH + bool + prompt "gnu & sysv" + help + add "--hash-style=both" to the linker options +endchoice + config TARGET_EXTRA_CPPFLAGS string prompt "Extra CPPFLAGS (cpp)" |
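
Review bot: In platforms/toolchain_hardening.in, the TARGET_HARDEN_BINDNOW help says `-z now` "prevents PLT overwrite attacks", but that only holds when the GOT is also made read-only by `-z relro`, and the two symbols are independent here. Conversely, TARGET_HARDEN_RELRO on its own leaves the lazily bound PLT entries of the GOT writable, so "prevents GOT overwrites attacks" is too broad as written. Consider `depends on TARGET_HARDEN_RELRO` on BINDNOW, or state in both help texts that the protection needs both options. Smaller points in the same file: the TARGET_HARDEN_FORTIFY help should say that _FORTIFY_SOURCE only has an effect in optimised builds; the TARGET_HARDEN_PIE help should say how shared libraries and static binaries are treated when `-fPIE -pie` is injected globally; "overwrites attacks" and "Executable are" need a grammar fix; and there is a doubled blank line before `endmenu`.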
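
Review bot: In platforms/toolchain_options.in, the "linker hash-style" choice has no help text saying when to pick which entry; each entry's help only repeats the flag it adds. A sentence on the choice, or on TARGET_LINKER_HASH_GNU, saying that a gnu-only hash table needs a dynamic loader on the target that understands it, and that "both" is the compatible setting at the cost of size, would let users decide. The help texts here also start in lower case ("don't change ...", "add ..."), unlike the full sentences used in toolchain_hardening.in in the same commit.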