[Buildroot] RFC: ASLR
Peter Korsgaard
peter at korsgaard.com
Wed Jul 12 15:36:44 UTC 2017
>>>>> "Matthew" == Matthew Weber <matthew.weber at rockwellcollins.com> writes:
> Peter,
> I have a patchset we're starting to assemble for enabling hardening
> across specific packages in Buildroot. I hear you may have already
> looked at this problem/feature?
Well, it is on my todo list - But I haven't done any actual work on it
yet - So your timing is perfect ;)
> What I'm seeing is that these changes are considered "optional" at a
> package build level. Plus I'm not advocating we carry specific
> Buildroot patches for items where it doesn't make sense for the
> package upstream to default to them. Instead, could we add a
> conditional in the .mk that adds the FLAGS update on specific packages
> which have the ability to enable it? Sort of in a similar way to how
> we enable libcurl and other dependencies automatically in other
> packages if that package/option is enabled. This would allow us to
> grow support over time and not force all packages to build with the
> option (plus keep it optional in general for those that want it
> enabled).
Do you see actual breakage with packages if these flags are added
globally to TARGET_CFLAGS? From a quick look at lede, they seem to
enable it globally:
https://git.lede-project.org/?p=source.git;a=blob;f=config/Config-build.in#l175
There seems to be some some hooks (E.G. PKG_RELRO) to disable this for
specific packages, but I don't see it getting used anywhere:
https://git.lede-project.org/?p=source.git;a=blob;f=include/hardening.mk
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list