[Buildroot] [PATCH v4 02/13] security hardening: add RELFO, FORTIFY options
Johan Oudinet
johan.oudinet at gmail.com
Thu Apr 26 15:55:17 UTC 2018
Hi Matt,
This is a late reply but we encounter a build failure in our system
due to changes in this patch, which I believe are wrong. See below.
On Wed, Jan 24, 2018 at 5:09 AM, Matt Weber
<matthew.weber at rockwellcollins.com> wrote:
> +
> +ifeq ($(BR2_SSP_REGULAR),y)
> +TARGET_CPPFLAGS += -fstack-protector
> +else ifeq ($(BR2_SSP_STRONG),y)
> +TARGET_CPPFLAGS += -fstack-protector-strong
> +else ifeq ($(BR2_SSP_ALL),y)
> +TARGET_CPPFLAGS += -fstack-protector-all
> +endif
...
>
> -ifeq ($(BR2_SSP_REGULAR),y)
> -TARGET_CFLAGS += -fstack-protector
> -TARGET_CXXFLAGS += -fstack-protector
> -TARGET_FCFLAGS += -fstack-protector
> -else ifeq ($(BR2_SSP_STRONG),y)
> -TARGET_CFLAGS += -fstack-protector-strong
> -TARGET_CXXFLAGS += -fstack-protector-strong
> -TARGET_FCFLAGS += -fstack-protector-strong
> -else ifeq ($(BR2_SSP_ALL),y)
> -TARGET_CFLAGS += -fstack-protector-all
> -TARGET_CXXFLAGS += -fstack-protector-all
> -TARGET_FCFLAGS += -fstack-protector-all
> -endif
I don't think -fstack-protector* flags belongs to the preprocessor flags.
Why did you move them from CFLAGS and CXXFLAGS? Your commit message
suggests this was an proposition from Arnout but I can't find his
email where he says that.
Best regards,
--
Johan
More information about the buildroot
mailing list