hardening.mk 1.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950
  1. #
  2. # Copyright (C) 2015 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. PKG_CHECK_FORMAT_SECURITY ?= 1
  8. PKG_SSP ?= 1
  9. PKG_FORTIFY_SOURCE ?= 1
  10. PKG_RELRO ?= 1
  11. ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
  12. ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
  13. TARGET_CFLAGS += -Wformat -Werror=format-security
  14. endif
  15. endif
  16. ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
  17. ifeq ($(strip $(PKG_SSP)),1)
  18. TARGET_CFLAGS += -fstack-protector
  19. endif
  20. endif
  21. ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
  22. ifeq ($(strip $(PKG_SSP)),1)
  23. TARGET_CFLAGS += -fstack-protector-strong
  24. endif
  25. endif
  26. ifdef CONFIG_PKG_FORTIFY_SOURCE_1
  27. ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
  28. TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
  29. endif
  30. endif
  31. ifdef CONFIG_PKG_FORTIFY_SOURCE_2
  32. ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
  33. TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
  34. endif
  35. endif
  36. ifdef CONFIG_PKG_RELRO_PARTIAL
  37. ifeq ($(strip $(PKG_RELRO)),1)
  38. TARGET_CFLAGS += -Wl,-z,relro
  39. TARGET_LDFLAGS += -zrelro
  40. endif
  41. endif
  42. ifdef CONFIG_PKG_RELRO_FULL
  43. ifeq ($(strip $(PKG_RELRO)),1)
  44. TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
  45. TARGET_LDFLAGS += -znow -zrelro
  46. endif
  47. endif