[openwrt/openwrt] toolchain: add gcc configure default PIE and SSP

LEDE Commits lede-commits at lists.infradead.org
Sat Jan 27 14:19:45 PST 2018


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/55779569eb817361222d653accd929a752b8327d

commit 55779569eb817361222d653accd929a752b8327d
Author: Julien Dusser <julien.dusser at free.fr>
AuthorDate: Sun Jan 7 17:41:35 2018 +0100

    toolchain: add gcc configure default PIE and SSP
    
    GCC supports --enable-default-ssp starting with version 5 and
    --enable-default-pie starting with version 6.
    
    It produces hardened binaries by default without dealing with package
    compilation flags.
    
    Signed-off-by: Julien Dusser <julien.dusser at free.fr>
---
 toolchain/gcc/Config.in | 15 +++++++++++++++
 toolchain/gcc/common.mk | 10 ++++++++++
 2 files changed, 25 insertions(+)

diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 06e9f48..0fe0ea2 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -37,6 +37,21 @@ config EXTRA_GCC_CONFIG_OPTIONS
 	help
 	    Any additional gcc options you may want to include....
 
+config GCC_DEFAULT_PIE
+	bool
+	prompt "Build executable with PIE enabled by default" if TOOLCHAINOPTS
+	depends on !GCC_USE_VERSION_5
+	default n
+	help
+	    Use gcc configure option --enable-default-pie to turn on -fPIE and -pie by default.
+
+config GCC_DEFAULT_SSP
+	bool
+	prompt "Build executable with Stack-Smashing Protection enabled by default" if TOOLCHAINOPTS
+	default n
+	help
+	    Use gcc configure option --enable-default-ssp to turn on -fstack-protector-strong by default.
+
 config SSP_SUPPORT
 	bool
 	prompt "Enable Stack-Smashing Protection support" if TOOLCHAINOPTS
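Review bot: `GCC_DEFAULT_SSP` has no version dependency, although the commit message says `--enable-default-ssp` needs GCC 5 or later, and `GCC_DEFAULT_PIE` is guarded only by the deny-list `depends on !GCC_USE_VERSION_5`. If an older compiler is still selectable (the `ifndef GCC_VERSION_4_8` context line in the common.mk hunk suggests one may be), the option can be enabled there and is passed on unchecked at `ifneq ($(CONFIG_GCC_DEFAULT_SSP),)`; an autoconf configure normally only warns about an unrecognised `--enable-*` switch, so the toolchain would build without the hardening the user selected. I would add a matching guard to `GCC_DEFAULT_SSP`, e.g. `depends on !<SYMBOL_FOR_PRE_GCC5>` (placeholder, the real symbol is not visible here), and state in both help texts which GCC versions honour the option. The `config SSP_SUPPORT` entry at the end of the hunk is context and continues outside it.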
diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk
index 7c4e773..ece71ef 100644
--- a/toolchain/gcc/common.mk
+++ b/toolchain/gcc/common.mk
@@ -133,6 +133,16 @@ ifndef GCC_VERSION_4_8
   GCC_CONFIGURE += --with-diagnostics-color=auto-if-env
 endif
 
+ifneq ($(CONFIG_GCC_DEFAULT_PIE),)
+  GCC_CONFIGURE+= \
+		--enable-default-pie
+endif
+
+ifneq ($(CONFIG_GCC_DEFAULT_SSP),)
+  GCC_CONFIGURE+= \
+		--enable-default-ssp
+endif
+
 ifneq ($(CONFIG_SSP_SUPPORT),)
   GCC_CONFIGURE+= \
 		--enable-libssp
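Review bot: The two new blocks should carry a comment saying that `--enable-default-pie` and `--enable-default-ssp` only change the compiler's built-in defaults. A package that passes `-fno-pie`, `-no-pie` or `-fno-stack-protector` itself still produces an unhardened binary, so these switches set a baseline rather than enforce one. A line such as `# Defaults only: explicit -fno-pie/-no-pie/-fno-stack-protector in a package still win; verify the built binaries.` above `ifneq ($(CONFIG_GCC_DEFAULT_PIE),)` would make that clear to whoever enables them. The `ifneq ($(CONFIG_SSP_SUPPORT),)` block after the additions is context only and ends outside the hunk.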


