diff options
Diffstat (limited to 'Config.in')
-rw-r--r-- | Config.in | 45 |
1 files changed, 41 insertions, 4 deletions
@@ -522,12 +522,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES endif -config BR2_ENABLE_SSP +choice bool "build code with Stack Smashing Protection" + default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy depends on BR2_TOOLCHAIN_HAS_SSP help - Enable stack smashing protection support using GCCs - -fstack-protector-all option. + Enable stack smashing protection support using GCC's + -fstack-protector option family. See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt for details. @@ -536,7 +537,43 @@ config BR2_ENABLE_SSP support. This is always the case for glibc and eglibc toolchain, but is optional in uClibc toolchains. -comment "enabling Stack Smashing Protection requires support in the toolchain" +config BR2_SSP_NONE + bool "None" + help + Disable stack-smashing protection. + +config BR2_SSP_REGULAR + bool "-fstack-protector" + help + Emit extra code to check for buffer overflows, such as stack + smashing attacks. This is done by adding a guard variable to + functions with vulnerable objects. This includes functions + that call alloca, and functions with buffers larger than 8 + bytes. The guards are initialized when a function is entered + and then checked when the function exits. If a guard check + fails, an error message is printed and the program exits. + +config BR2_SSP_STRONG + bool "-fstack-protector-strong" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + help + Like -fstack-protector but includes additional functions to be + protected - those that have local array definitions, or have + references to local frame addresses. + +comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9" + depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 + +config BR2_SSP_ALL + bool "-fstack-protector-all" + help + Like -fstack-protector except that all functions are + protected. This option might have a significant performance + impact on the compiled binaries. + +endchoice + +comment "Stack Smashing Protection needs a toolchain w/ SSP" depends on !BR2_TOOLCHAIN_HAS_SSP choice |