EljakimHerrewijnen/Openwrt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
55779569eb
Openwrt/include
History
Julien Dusser df0bd42fde build: add hardened builds with PIE (ASLR) support 
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
..
site include/site: add powerpc64 config 2017-10-24 13:24:04 +02:00
autotools.mk treewide: fix build depends to refer to source package names 2018-01-13 19:54:44 +01:00
cmake.mk
debug.mk
depends.mk
device_table.txt
download.mk downloads.mk: introduce name-agnostic PROJECT_GIT variable 2018-01-10 21:27:31 +01:00
feeds.mk merge: properly remove %n / %N references 2017-12-09 16:01:14 +01:00
hardened-ld-pie.specs build: add hardened builds with PIE (ASLR) support 2018-01-27 16:46:45 +01:00
hardening.mk build: add hardened builds with PIE (ASLR) support 2018-01-27 16:46:45 +01:00
host-build.mk build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after including package.mk 2017-12-12 12:45:28 +01:00
image-commands.mk build: add image command for CE images 2018-01-13 07:58:47 +01:00
image-legacy.mk
image.mk build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS 2018-01-11 18:20:39 +01:00
kernel-build.mk Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF 2018-01-27 16:46:45 +01:00
kernel-defaults.mk config: don't define the same symbol twice 2018-01-17 11:07:17 +01:00
kernel-version.mk kernel.mk: update LINUX_VERSION filename for cloned repo 2018-01-27 16:46:45 +01:00
kernel.mk kernel: include: remove last .0 from kernel versions again 2017-12-16 22:15:23 +01:00
netfilter.mk netfilter, iptables: add optional CHECKSUM module 2017-11-06 16:39:41 +01:00
nls.mk treewide: fix build depends to refer to source package names 2018-01-13 19:54:44 +01:00
package-bin.mk
package-defaults.mk build: allow defining license information per binary package 2017-11-25 20:02:04 +01:00
package-dumpinfo.mk include/package-dumpinfo.mk: don't duplicate source package information for every binary package 2018-01-13 19:54:45 +01:00
package-ipkg.mk build: allow defining license information per binary package 2017-11-25 20:02:04 +01:00
package-seccomp.mk
package.mk include/package.mk: remove old configured stamps before attempting configuration 2017-12-28 12:24:25 +01:00
prereq-build.mk merge: etc: update remaining files 2017-12-08 19:41:18 +01:00
prereq.mk
quilt.mk
rootfs.mk
scan.awk
scan.mk
scons.mk
shell.sh
subdir.mk
target.mk target: replace odhcpd by odhcpd-ipv6only 2017-11-29 22:34:58 +01:00
toolchain-build.mk
toplevel.mk include/toplevel.mk: Add xconfig target 2017-11-02 15:58:45 +01:00
u-boot.mk
uclibc++.mk
unpack.mk
verbose.mk
version.mk merge: release/banner: drop release name and update banner 2017-12-08 19:41:18 +01:00