This tells the compiler to use a canary to protect any function which
declares a character array of 4 or more bytes on its stack, rather
than the default of 8 or more bytes.

Signed-off-by: Joshua Lock <[email protected]>
---
 meta/conf/distro/include/security_flags.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/security_flags.inc 
b/meta/conf/distro/include/security_flags.inc
index 77fade6..691cea1 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -12,8 +12,8 @@ lcl_maybe_fortify = 
"${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE
 # Error on use of format strings that represent possible security problems
 SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
 
-SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} 
${SECURITY_STRINGFORMAT}"
-SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} 
${SECURITY_STRINGFORMAT}"
+SECURITY_CFLAGS ?= "-fstack-protector-strong --param ssp-buffer-size=4 -pie 
-fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
+SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong --param ssp-buffer-size=4 
${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
 
 SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
 SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
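Review bot: The added `--param ssp-buffer-size=4` in both SECURITY_CFLAGS and SECURITY_NO_PIE_CFLAGS probably has no effect next to `-fstack-protector-strong`. As far as the GCC documentation describes it, `-strong` already places a canary in any function with a local array definition, whatever its size, and `ssp-buffer-size` is the threshold used by plain `-fstack-protector`. It is worth compiling a small test function with a 4-byte char array with and without the parameter to confirm whether the instrumented set changes at all. If the parameter is kept as defence in depth for recipes or toolchains that fall back to `-fstack-protector`, the file should say so above the two assignments, for example `# ssp-buffer-size=4 lowers the char-array threshold for plain -fstack-protector; -strong already covers all local arrays`.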
-- 
2.7.4
