toolchain: add BR2_USE_SSP option for stack protection support

Using the support in uClibc.

diff --git a/toolchain/Config.in.2 b/toolchain/Config.in.2
index a63e1141d3dc4c9a377c4c9f301d246d39b54f4f..e9fe8521c05378f146f39c28c44d6d548e942c91 100644 (file)
--- a/toolchain/Config.in.2
+++ b/toolchain/Config.in.2
@@ -85,6 +85,15 @@ config BR2_SOFT_FLOAT
 
          Most people will answer N.
 
+config BR2_USE_SSP
+       bool "Enable stack protection support"
+       help
+         Enable stack smashing protection support using GCCs
+         -fstack-protector[-all] option.
+
+         See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
+         for details.
+
 choice
        prompt "Thread library implementation"
        default BR2_PTHREADS_OLD

diff --git a/toolchain/uClibc/uClibc-0.9.29.config b/toolchain/uClibc/uClibc-0.9.29.config
index e46c7067112d37779d320f043e122aa8eda53423..3e43059e9f289a4a94817210d37a51bd905a2a88 100644 (file)
--- a/toolchain/uClibc/uClibc-0.9.29.config
+++ b/toolchain/uClibc/uClibc-0.9.29.config
@@ -173,14 +173,18 @@ DEVEL_PREFIX="/usr/"
 #
 # uClibc security related options
 #
-# UCLIBC_SECURITY is not set
 # UCLIBC_BUILD_PIE is not set
 # UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 
 #
 # uClibc development/debugging options

diff --git a/toolchain/uClibc/uClibc-0.9.30.config b/toolchain/uClibc/uClibc-0.9.30.config
index 91b8c120adbc135eba08d565c8635663be6e813c..30db7fe45e5d63720aebacd93292aa685d40a3a7 100644 (file)
--- a/toolchain/uClibc/uClibc-0.9.30.config
+++ b/toolchain/uClibc/uClibc-0.9.30.config
@@ -196,12 +196,17 @@ DEVEL_PREFIX="/usr/"
 # Security options
 #
 # UCLIBC_BUILD_PIE is not set
-UCLIBC_HAS_ARC4RANDOM=y
+# UCLIBC_HAS_ARC4RANDOM is not set
 # HAVE_NO_SSP is not set
-# UCLIBC_HAS_SSP is not set
+UCLIBC_HAS_SSP=y
+# UCLIBC_HAS_SSP_COMPAT is not set
+# SSP_QUICK_CANARY is not set
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# UCLIBC_BUILD_SSP is not set
 UCLIBC_BUILD_RELRO=y
 UCLIBC_BUILD_NOW=y
-# UCLIBC_BUILD_NOEXECSTACK is not set
+UCLIBC_BUILD_NOEXECSTACK=y
 
 #
 # uClibc development/debugging options

diff --git a/toolchain/uClibc/uclibc.mk b/toolchain/uClibc/uclibc.mk
index 164c474f5be0efd9d566642637c782de30e68582..b39b9399b493fe2506d7e90682dfbc65d58def77 100644 (file)
--- a/toolchain/uClibc/uclibc.mk
+++ b/toolchain/uClibc/uclibc.mk
@@ -302,6 +302,11 @@ else
        $(SED) '/UCLIBC_HAS_FLOATS/d' \
                -e 's,.*UCLIBC_HAS_FPU.*,UCLIBC_HAS_FPU=y\nHAS_FPU=y\nUCLIBC_HAS_FLOATS=y\n,g' \
                $(UCLIBC_DIR)/.oldconfig
+endif
+ifeq ($(BR2_USE_SSP),y)
+       $(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=y,g' $(UCLIBC_DIR)/.oldconfig
+else
+       $(SED) 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=n,g' $(UCLIBC_DIR)/.oldconfig
 endif
        $(SED) '/UCLIBC_HAS_THREADS/d' $(UCLIBC_DIR)/.oldconfig
        $(SED) '/LINUXTHREADS/d' $(UCLIBC_DIR)/.oldconfig