Permalink
Browse files

sync with openwrt, 2018.02

  • Loading branch information...
The-BB committed Feb 12, 2018
1 parent 5b5337d commit 6b9671a934ab4f42a0b825b25fb976691175017d
Showing with 22 additions and 4 deletions.
  1. +22 −4 config/Config-build.in
@@ -41,7 +41,7 @@ menu "Global build settings"
default n
config BUILD_PATENTED
default y
default n
bool "Compile with support for patented functionality"
help
When this option is disabled, software which provides patented functionality
@@ -84,10 +84,12 @@ menu "Global build settings"
Useful for release builds, so that kernel issues can be debugged offline
later.
comment "Kernel build options"
menu "Kernel build options"
source "config/Config-kernel.in"
endmenu
comment "Package build options"
config DEBUG
@@ -182,6 +184,22 @@ menu "Global build settings"
this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
Makefile.
config PKG_ASLR_PIE
bool
prompt "User space ASLR PIE compilation"
select BUSYBOX_DEFAULT_PIE
default n
help
Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
This enables package build as Position Independent Executables (PIE)
to protect against "return-to-text" attacks. This belongs to the
feature of Address Space Layout Randomisation (ASLR), which is
implemented by the kernel and the ELF loader by randomising the
location of memory allocations. This makes memory addresses harder
to predict when an attacker is attempting a memory-corruption exploit.
You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
Makefile.
choice
prompt "User space Stack-Smashing Protection"
depends on USE_MUSL
@@ -192,11 +210,11 @@ menu "Global build settings"
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
select SSP_SUPPORT if !USE_MUSL
select GCC_LIBSSP if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
select SSP_SUPPORT if !USE_MUSL
select GCC_LIBSSP if !USE_MUSL
depends on !GCC_VERSION_4_8
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice

0 comments on commit 6b9671a

Please sign in to comment.