> On Aug 19, 2016, at 8:34 AM, Joshua Lock <[email protected]> wrote: > > This tells the compiler to use a canary to protect any function which > declares a character array of 4 or more bytes on its stack, rather > than the default of 8 or more bytes.
Thats fine, however, it slows down the code, strong option was a compromise otherwise we could just use fstack-protector-all > > Signed-off-by: Joshua Lock <[email protected]> > --- > meta/conf/distro/include/security_flags.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/conf/distro/include/security_flags.inc > b/meta/conf/distro/include/security_flags.inc > index 77fade6..691cea1 100644 > --- a/meta/conf/distro/include/security_flags.inc > +++ b/meta/conf/distro/include/security_flags.inc > @@ -12,8 +12,8 @@ lcl_maybe_fortify = > "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE > # Error on use of format strings that represent possible security problems > SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" > > -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} > ${SECURITY_STRINGFORMAT}" > -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} > ${SECURITY_STRINGFORMAT}" > +SECURITY_CFLAGS ?= "-fstack-protector-strong --param ssp-buffer-size=4 -pie > -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" > +SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong --param > ssp-buffer-size=4 ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" > > SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now" > SECURITY_X_LDFLAGS ?= "-Wl,-z,relro" > -- > 2.7.4 > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
