]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d3732cf) | patch
security hardening: add RELFO, FORTIFY options
authorMatt Weber <matthew.weber@rockwellcollins.com>
Wed, 24 Jan 2018 04:09:41 +0000 (22:09 -0600)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 28 Jan 2018 14:21:14 +0000 (15:21 +0100)
commit20a4583ebf7fe97ea22a1ea11621dd44a8114ca5
tree71ba47203194f6065a9193055ad0c6dff5476099tree | snapshot
parentd3732cf4a23c83dd6903f26c19bc9258ac227feccommit | diff
security hardening: add RELFO, FORTIFY options

This enables a user to build a complete system using these
options.  It is important to note that not all packages will
build correctly to start with.

Modeled after OpenWRT approach
https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176

A good testing tool to check a target's elf files for compliance
to an array of hardening techniques can be found here:
https://github.com/slimm609/checksec.sh

[Peter: reword fortify help texts, glibc comment]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Config.in diff | blob | history
package/Makefile.in diff | blob | history