From 503ab93cfe0f20976435f62e46b37afae6d8cdab Mon Sep 17 00:00:00 2001
From: Peter Korsgaard
Date: Wed, 22 Apr 2009 07:27:22 +0000
Subject: [PATCH] toolchain: add BR2_USE_SSP option for stack protection support
Using the support in uClibc.
---
 toolchain/Config.in.2 | 9 +++++++++
 toolchain/uClibc/uClibc-0.9.29.config | 10 +++++++---
 toolchain/uClibc/uClibc-0.9.30.config | 11 ++++++++---
 toolchain/uClibc/uclibc.mk | 5 +++++
 4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/toolchain/Config.in.2 b/toolchain/Config.in.2
index a63e1141d3..e9fe8521c0 100644
--- a/toolchain/Config.in.2
+++ b/toolchain/Config.in.2
@@ -85,6 +85,15 @@ config BR2_SOFT_FLOAT
 Most people will answer N.
+config BR2_USE_SSP
+ bool "Enable stack protection support"
+ help
+ Enable stack smashing protection support using GCCs
+ -fstack-protector[-all] option.
+
+ See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
+ for details.
+
 choice
 prompt "Thread library implementation"
 default BR2_PTHREADS_OLD
diff --git a/toolchain/uClibc/uClibc-0.9.29.config b/toolchain/uClibc/uClibc-0.9.29.config
index e46c706711..3e43059e9f 100644
--- a/toolchain/uClibc/uClibc-0.9.29.config
+++ b/toolchain/uClibc/uClibc-0.9.29.config
@@ -173,14 +173,18 @@ DEVEL_PREFIX="/usr/"
 #
 # uClibc security related options
 #
-# UCLIBC_SECURITY is not set
 # UCLIBC_BUILD_PIE is not set
 # UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 #
 # uClibc development/debugging options
diff --git a/toolchain/uClibc/uClibc-0.9.30.config b/toolchain/uClibc/uClibc-0.9.30.config
index 91b8c120ad..30db7fe45e 100644
--- a/toolchain/uClibc/uClibc-0.9.30.config
+++ b/toolchain/uClibc/uClibc-0.9.30.config
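Review bot: The help text for `BR2_USE_SSP` in toolchain/Config.in.2 reads as if enabling the option builds the target with GCC's `-fstack-protector[-all]`, but the only consumer visible in this patch is the uclibc.mk hunk, which just toggles `UCLIBC_HAS_SSP` in the C library configuration. Nothing shown here adds the flag to the target compiler flags, so a user could enable it and assume packages carry stack canaries when they do not. I would reword the help along the lines of `Enable stack smashing protection support in the C library. Code is only protected when it is itself compiled with -fstack-protector[-all].` If the flag is handled elsewhere in the tree, a pointer to that place in the help text would be enough.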
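Review bot: `UCLIBC_BUILD_NOEXECSTACK=y` in toolchain/uClibc/uClibc-0.9.29.config (and again in the uClibc-0.9.30.config hunk) is enabled for every build regardless of `BR2_USE_SSP`, and the `# UCLIBC_SECURITY is not set` line is dropped, yet the commit message only mentions stack protection. A non-executable stack is a sensible hardening default, but it changes behaviour for everyone using these configs and should be recorded, e.g. with a log line such as `Also build uClibc with a non-executable stack (UCLIBC_BUILD_NOEXECSTACK).` Separately, `# UCLIBC_BUILD_SSP is not set` stays off; if that option does what its name suggests, the library's own code remains uninstrumented even with `BR2_USE_SSP=y`, which is worth stating in the option's help.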
@@ -196,12 +196,17 @@ DEVEL_PREFIX="/usr/"
 # Security options
 #
 # UCLIBC_BUILD_PIE is not set
-UCLIBC_HAS_ARC4RANDOM=y
+# UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 #
 # uClibc development/debugging options
diff --git a/toolchain/uClibc/uclibc.mk b/toolchain/uClibc/uclibc.mk
index 164c474f5b..b39b9399b4 100644
--- a/toolchain/uClibc/uclibc.mk
+++ b/toolchain/uClibc/uclibc.mk
@@ -302,6 +302,11 @@ else
 $(SED) '/UCLIBC_HAS_FLOATS/d' \
 -e 's,.*UCLIBC_HAS_FPU.*,UCLIBC_HAS_FPU=y\nHAS_FPU=y\nUCLIBC_HAS_FLOATS=y\n,g' \
 $(UCLIBC_DIR)/.oldconfig
+endif
+ifeq ($(BR2_USE_SSP),y)
+ $(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=y,g' $(UCLIBC_DIR)/.oldconfig
+else
+ $(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=n,g' $(UCLIBC_DIR)/.oldconfig
 endif
 $(SED) '/UCLIBC_HAS_THREADS/d' $(UCLIBC_DIR)/.oldconfig
 $(SED) '/LINUXTHREADS/d' $(UCLIBC_DIR)/.oldconfig
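Review bot: The first change in the uClibc-0.9.30.config hunk turns `UCLIBC_HAS_ARC4RANDOM=y` into `# UCLIBC_HAS_ARC4RANDOM is not set`, which is unrelated to SSP and is not mentioned in the commit message. This presumably removes arc4random() from the default 0.9.30 C library, so anything that relied on it would stop linking or fall back to another random source. If the line changed only because the file was regenerated against the 0.9.29 defaults, I would keep `UCLIBC_HAS_ARC4RANDOM=y` here. If it is intentional, it belongs in its own commit with the reason stated.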
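Review bot: Both added `$(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,...'` lines in toolchain/uClibc/uclibc.mk only rewrite a line that already exists, so when `.oldconfig` is seeded from a configuration with no `UCLIBC_HAS_SSP` entry the substitution is a no-op and `BR2_USE_SSP=y` silently has no effect on the library. For a hardening switch that is the wrong way to fail. I would delete any existing entry first, as the context lines after this hunk do for `UCLIBC_HAS_THREADS`, and then append the wanted value, writing the disabled case in the `# ... is not set` form the config files use. The recipe this hunk belongs to starts and ends outside the hunk, so how `.oldconfig` is created and whether a later step already covers a missing entry cannot be seen from here.

```make
# [^_] keeps UCLIBC_HAS_SSP_COMPAT out of the match
	$(SED) '/UCLIBC_HAS_SSP[^_]/d' $(UCLIBC_DIR)/.oldconfig
ifeq ($(BR2_USE_SSP),y)
	echo "UCLIBC_HAS_SSP=y" >> $(UCLIBC_DIR)/.oldconfig
else
	echo "# UCLIBC_HAS_SSP is not set" >> $(UCLIBC_DIR)/.oldconfig
endif
# … unchanged: UCLIBC_HAS_THREADS / LINUXTHREADS handling …
```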