Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
OpenWrt
/
openwrt
tükrözi: https://github.com/openwrt/openwrt.git
2
0
Másolás 0
Fájlok Problémák 0 Wiki
Fa: v25.12.0-r
Branch-ok Tag-ek
openwrt
/
include
/
hardening.mk

hardening.mk 2.1 KB
Állandó hivatkozás Előzmények Nyers

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. # SPDX-License-Identifier: GPL-2.0-only
    2. 

  2. #
    3. 

  3. # Copyright (C) 2015-2020 OpenWrt.org
    4. 

  4. 

  5. PKG_CHECK_FORMAT_SECURITY ?= 1
    6. 

  6. PKG_ASLR_PIE ?= 1
    7. 

  7. PKG_ASLR_PIE_REGULAR ?= 0
    8. 

  8. PKG_SSP ?= 1
    9. 

  9. PKG_FORTIFY_SOURCE ?= 1
    10. 

  10. PKG_RELRO ?= 1
    11. 

  11. PKG_DT_RELR ?= 1
    12. 

  12. PKG_FANALYZER ?= 0
    13. 

  13. 

  14. ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
    15. 

  15.   ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
    16. 

  16.     TARGET_CFLAGS += -Wformat -Werror=format-security
    17. 

  17.   endif
    18. 

  18. endif
    19. 

  19. ifdef CONFIG_PKG_ASLR_PIE_ALL
    20. 

  20.   ifeq ($(strip $(PKG_ASLR_PIE)),1)
    21. 

  21.     TARGET_CFLAGS += $(FPIC)
    22. 

  22.     TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
    23. 

  23.   endif
    24. 

  24. endif
    25. 

  25. ifdef CONFIG_PKG_ASLR_PIE_REGULAR
    26. 

  26.   ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1)
    27. 

  27.     TARGET_CFLAGS += $(FPIC)
    28. 

  28.     TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
    29. 

  29.   endif
    30. 

  30. endif
    31. 

  31. ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
    32. 

  32.   ifeq ($(strip $(PKG_SSP)),1)
    33. 

  33.     TARGET_CFLAGS += -fstack-protector
    34. 

  34.   endif
    35. 

  35. endif
    36. 

  36. ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
    37. 

  37.   ifeq ($(strip $(PKG_SSP)),1)
    38. 

  38.     TARGET_CFLAGS += -fstack-protector-strong
    39. 

  39.   endif
    40. 

  40. endif
    41. 

  41. ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
    42. 

  42.   ifeq ($(strip $(PKG_SSP)),1)
    43. 

  43.     TARGET_CFLAGS += -fstack-protector-all
    44. 

  44.   endif
    45. 

  45. endif
    46. 

  46. ifdef CONFIG_PKG_FORTIFY_SOURCE_1
    47. 

  47.   ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
    48. 

  48.     TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
    49. 

  49.   endif
    50. 

  50. endif
    51. 

  51. ifdef CONFIG_PKG_FORTIFY_SOURCE_2
    52. 

  52.   ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
    53. 

  53.     TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
    54. 

  54.   endif
    55. 

  55. endif
    56. 

  56. ifdef CONFIG_PKG_FORTIFY_SOURCE_3
    57. 

  57.   ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
    58. 

  58.     TARGET_CFLAGS += -D_FORTIFY_SOURCE=3
    59. 

  59.   endif
    60. 

  60. endif
    61. 

  61. ifdef CONFIG_PKG_RELRO_PARTIAL
    62. 

  62.   ifeq ($(strip $(PKG_RELRO)),1)
    63. 

  63.     TARGET_CFLAGS += -Wl,-z,relro
    64. 

  64.     TARGET_LDFLAGS += -zrelro
    65. 

  65.   endif
    66. 

  66. endif
    67. 

  67. ifdef CONFIG_PKG_RELRO_FULL
    68. 

  68.   ifeq ($(strip $(PKG_RELRO)),1)
    69. 

  69.     TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
    70. 

  70.     TARGET_LDFLAGS += -znow -zrelro
    71. 

  71.   endif
    72. 

  72. endif
    73. 

  73. 

  74. ifdef CONFIG_PKG_DT_RELR
    75. 

  75.   ifeq ($(strip $(PKG_DT_RELR)),1)
    76. 

  76.     TARGET_CFLAGS += -Wl,-z,pack-relative-relocs
    77. 

  77.     TARGET_LDFLAGS += -zpack-relative-relocs
    78. 

  78.   endif
    79. 

  79. endif
    80. 

  80. 

  81. ifdef CONFIG_PKG_FANALYZER
    82. 

  82.   ifeq ($(strip $(PKG_FANALYZER)),1)
    83. 

  83.     TARGET_CFLAGS +=  -fanalyzer
    84. 

  84.   endif
    85. 

  85. endif
    86.