toolchain: add BR2_USE_SSP option for stack protection support

Using the support in uClibc.
author: Peter Korsgaard <jacmet@sunsite.dk> 2009-04-22 07:27:22 +0000
committer: Peter Korsgaard <jacmet@sunsite.dk> 2009-04-22 07:27:22 +0000
commit: 503ab93cfe0f20976435f62e46b37afae6d8cdab (patch)
tree: 0ecd7c9fe1c1223174e8f8815083759f2fa654c6
parent: 3b712a3d891bf23055a587fc518f7cd2139a6a09 (diff)
4 files changed, 29 insertions, 6 deletions
diff --git a/toolchain/Config.in.2 b/toolchain/Config.in.2
index a63e1141d..e9fe8521c 100644
--- a/toolchain/Config.in.2
+++ b/toolchain/Config.in.2
@@ -85,6 +85,15 @@ config BR2_SOFT_FLOAT
 
 	  Most people will answer N.
 
+config BR2_USE_SSP
+	bool "Enable stack protection support"
+	help
+	  Enable stack smashing protection support using GCCs
+	  -fstack-protector[-all] option.
+
+	  See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
+	  for details.
+
 choice
 	prompt "Thread library implementation"
 	default BR2_PTHREADS_OLD
diff --git a/toolchain/uClibc/uClibc-0.9.29.config b/toolchain/uClibc/uClibc-0.9.29.config
index e46c70671..3e43059e9 100644
--- a/toolchain/uClibc/uClibc-0.9.29.config
+++ b/toolchain/uClibc/uClibc-0.9.29.config
@@ -173,14 +173,18 @@ DEVEL_PREFIX="/usr/"
 #
 # uClibc security related options
 #
-# UCLIBC_SECURITY is not set
 # UCLIBC_BUILD_PIE is not set
 # UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 
 #
 # uClibc development/debugging options
diff --git a/toolchain/uClibc/uClibc-0.9.30.config b/toolchain/uClibc/uClibc-0.9.30.config
index 91b8c120a..30db7fe45 100644
--- a/toolchain/uClibc/uClibc-0.9.30.config
+++ b/toolchain/uClibc/uClibc-0.9.30.config
@@ -196,12 +196,17 @@ DEVEL_PREFIX="/usr/"
 # Security options
 #
 # UCLIBC_BUILD_PIE is not set
-UCLIBC_HAS_ARC4RANDOM=y
+# UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 
 #
 # uClibc development/debugging options
diff --git a/toolchain/uClibc/uclibc.mk b/toolchain/uClibc/uclibc.mk
index 164c474f5..b39b9399b 100644
--- a/toolchain/uClibc/uclibc.mk
+++ b/toolchain/uClibc/uclibc.mk
@@ -303,6 +303,11 @@ else
 		-e 's,.*UCLIBC_HAS_FPU.*,UCLIBC_HAS_FPU=y\nHAS_FPU=y\nUCLIBC_HAS_FLOATS=y\n,g' \
 		$(UCLIBC_DIR)/.oldconfig
 endif
+ifeq ($(BR2_USE_SSP),y)
+	$(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=y,g' $(UCLIBC_DIR)/.oldconfig
+else
+	$(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=n,g' $(UCLIBC_DIR)/.oldconfig
+endif
 	$(SED) '/UCLIBC_HAS_THREADS/d' $(UCLIBC_DIR)/.oldconfig
 	$(SED) '/LINUXTHREADS/d' $(UCLIBC_DIR)/.oldconfig
 	$(SED) '/LINUXTHREADS_OLD/d' $(UCLIBC_DIR)/.oldconfig
author	Peter Korsgaard <jacmet@sunsite.dk>	2009-04-22 07:27:22 +0000
committer	Peter Korsgaard <jacmet@sunsite.dk>	2009-04-22 07:27:22 +0000
commit	503ab93cfe0f20976435f62e46b37afae6d8cdab (patch)
tree	0ecd7c9fe1c1223174e8f8815083759f2fa654c6
parent	3b712a3d891bf23055a587fc518f7cd2139a6a09 (diff)