[Buildroot] RFC: ASLR

Peter Korsgaard peter at korsgaard.com
Wed Jul 12 15:36:44 UTC 2017


>>>>> "Matthew" == Matthew Weber <matthew.weber at rockwellcollins.com> writes:

 > Peter,
 > I have a patchset we're starting to assemble for enabling hardening
 > across specific packages in Buildroot.  I hear you may have already
 > looked at this problem/feature?

Well, it is on my todo list - But I haven't done any actual work on it
yet - So your timing is perfect ;)


 > What I'm seeing is that these changes are considered "optional" at a
 > package build level.  Plus I'm not advocating we carry specific
 > Buildroot patches for items where it doesn't make sense for the
 > package upstream to default to them.  Instead, could we add a
 > conditional in the .mk that adds the FLAGS update on specific packages
 > which have the ability to enable it? Sort of in a similar way to how
 > we enable libcurl and other dependencies automatically in other
 > packages if that package/option is enabled.  This would allow us to
 > grow support over time and not force all packages to build with the
 > option (plus keep it optional in general for those that want it
 > enabled).

Do you see actual breakage with packages if these flags are added
globally to TARGET_CFLAGS? From a quick look at lede, they seem to
enable it globally:

https://git.lede-project.org/?p=source.git;a=blob;f=config/Config-build.in#l175

There seems to be some some hooks (E.G. PKG_RELRO) to disable this for
specific packages, but I don't see it getting used anywhere:

https://git.lede-project.org/?p=source.git;a=blob;f=include/hardening.mk

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list