path: root/Config.in
diff options
authorGravatar Steven Noonan <steven@uplinklabs.net>2015-12-27 12:07:31 +0100
committerGravatar Thomas Petazzoni <thomas.petazzoni@free-electrons.com>2015-12-27 15:30:09 +0100
commitd29c7196bf5e610123dcc697197d4013d5869f68 (patch)
tree208807555bb34233bab2817d968bc7e427a31daa /Config.in
parent9ac65b37bd34a4ba9a97156ace0fe91ce3670912 (diff)
toolchain: granular choice for stack protector
Currently, we only support two levels of stach-smashing protection: - entirely disabled, - protect _all_ functions with -fstack-protector-all. -fstack-protector-all tends to be far too aggressive and impacts performance too much to be worth on a real product. Add a choice that allows us to select between different levels of stack-smashing protection: - none - basic (NEW) - strong (NEW) - all The differences are documented in the GCC online documentation: https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html Signed-off-by: Steven Noonan <steven@uplinklabs.net> [yann.morin.1998@free.fr: - rebase - add legacy handling - SSP-strong depends on gcc >= 4.9 - slightly simple ifeq-block in package/Makefile.in - keep the comment in the choice; add a comment shen strong is not available - drop the defaults (only keep the legacy) - update commit log ] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: - only show the choice if the toolchain has SSP support - add details for the BR2_SSP_ALL option that it has a significant performance impact.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'Config.in')
1 files changed, 41 insertions, 4 deletions
diff --git a/Config.in b/Config.in
index 0be44d933c..9513cc19a2 100644
--- a/Config.in
+++ b/Config.in
@@ -522,12 +522,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
-config BR2_ENABLE_SSP
bool "build code with Stack Smashing Protection"
+ default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
- Enable stack smashing protection support using GCCs
- -fstack-protector-all option.
+ Enable stack smashing protection support using GCC's
+ -fstack-protector option family.
See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
for details.
@@ -536,7 +537,43 @@ config BR2_ENABLE_SSP
support. This is always the case for glibc and eglibc
toolchain, but is optional in uClibc toolchains.
-comment "enabling Stack Smashing Protection requires support in the toolchain"
+config BR2_SSP_NONE
+ bool "None"
+ help
+ Disable stack-smashing protection.
+ bool "-fstack-protector"
+ help
+ Emit extra code to check for buffer overflows, such as stack
+ smashing attacks. This is done by adding a guard variable to
+ functions with vulnerable objects. This includes functions
+ that call alloca, and functions with buffers larger than 8
+ bytes. The guards are initialized when a function is entered
+ and then checked when the function exits. If a guard check
+ fails, an error message is printed and the program exits.
+config BR2_SSP_STRONG
+ bool "-fstack-protector-strong"
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+ help
+ Like -fstack-protector but includes additional functions to be
+ protected - those that have local array definitions, or have
+ references to local frame addresses.
+comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
+ depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+config BR2_SSP_ALL
+ bool "-fstack-protector-all"
+ help
+ Like -fstack-protector except that all functions are
+ protected. This option might have a significant performance
+ impact on the compiled binaries.
+comment "Stack Smashing Protection needs a toolchain w/ SSP"