X-Git-Url: http://git.ozo.com/?a=blobdiff_plain;f=include%2Fhardening.mk;h=06a61789ef6bcc75bcbd6322bb71538a72f7199f;hb=2f46f4375480838b3e9b89e4bcd5117e71aae8cc;hp=8a24b3ca15e4277aff7794aa6fbc6e0d7680f5b1;hpb=fc5f02410f27de8b2b97a8edccb859773094591e;p=openwrt%2F.git
diff --git a/include/hardening.mk b/include/hardening.mk
index 8a24b3ca15..06a61789ef 100644
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -6,48 +6,50 @@
 #
 PKG_CHECK_FORMAT_SECURITY ?= 1
-PKG_CC_STACKPROTECTOR_REGULAR ?= 1
-PKG_CC_STACKPROTECTOR_STRONG ?= 1
-PKG_FORTIFY_SOURCE_1 ?= 1
-PKG_FORTIFY_SOURCE_2 ?= 1
-PKG_RELRO_PARTIAL ?= 1
-PKG_RELRO_FULL ?= 1
+PKG_ASLR_PIE ?= 1
+PKG_SSP ?= 1
+PKG_FORTIFY_SOURCE ?= 1
+PKG_RELRO ?= 1
 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
 ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
 TARGET_CFLAGS += -Wformat -Werror=format-security
 endif
 endif
+ifdef CONFIG_PKG_ASLR_PIE
+ ifeq ($(strip $(PKG_ASLR_PIE)),1)
+ TARGET_CFLAGS += -fPIC
+ TARGET_LDFLAGS += -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
+ endif
+endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
- ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
+ ifeq ($(strip $(PKG_SSP)),1)
 TARGET_CFLAGS += -fstack-protector
- TARGET_LDFLAGS += -fstack-protector
 endif
 endif
 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
- ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
+ ifeq ($(strip $(PKG_SSP)),1)
 TARGET_CFLAGS += -fstack-protector-strong
- TARGET_LDFLAGS += -fstack-protector-strong
 endif
 endif
 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
- ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
+ ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
 TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
 endif
 endif
 ifdef CONFIG_PKG_FORTIFY_SOURCE_2
- ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
+ ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
 TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
 endif
 endif
 ifdef CONFIG_PKG_RELRO_PARTIAL
- ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
+ ifeq ($(strip $(PKG_RELRO)),1)
 TARGET_CFLAGS += -Wl,-z,relro
 TARGET_LDFLAGS += -zrelro
 endif
 endif
 ifdef CONFIG_PKG_RELRO_FULL
- ifeq ($(strip $(PKG_RELRO_FULL)),1)
+ ifeq ($(strip $(PKG_RELRO)),1)
 TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
 TARGET_LDFLAGS += -znow -zrelro
 endif
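Review bot: The six per-level opt-out variables are dropped in favour of `PKG_SSP`, `PKG_FORTIFY_SOURCE` and `PKG_RELRO` with no compatibility path, so a package Makefile that still sets, say, `PKG_RELRO_FULL:=0` or `PKG_FORTIFY_SOURCE_2:=0` is now silently ignored and receives the flags it had opted out of. That fails towards more hardening, but it surfaces as an unexplained build or runtime break instead of a message; since the old names no longer get a `?=` default here, a guard per old name such as `ifdef PKG_RELRO_FULL` / `$(warning PKG_RELRO_FULL is obsolete, use PKG_RELRO)` / `endif` next to the new defaults would make stale overrides visible (assuming packages set these before this file is included, as the `?=` defaults suggest). In the new `CONFIG_PKG_ASLR_PIE` block, `-specs=$(INCLUDE_DIR)/hardened-ld-pie.specs` is a gcc-driver option, so a package that hands `TARGET_LDFLAGS` straight to `ld` will probably need `PKG_ASLR_PIE:=0`. A comment on that block saying so, and noting that the specs file (not part of this diff) is presumably what supplies `-pie` at link time, would help packagers. The closing `endif` of the `CONFIG_PKG_RELRO_FULL` block lies outside the hunk.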