author | Matt Weber <matthew.weber@rockwellcollins.com> | 2018-01-23 22:09:41 -0600 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2018-01-28 15:21:14 +0100 |
commit | 20a4583ebf7fe97ea22a1ea11621dd44a8114ca5 (patch) | |
tree | 71ba47203194f6065a9193055ad0c6dff5476099 /Config.in | |
parent | d3732cf4a23c83dd6903f26c19bc9258ac227fec (diff) |
security hardening: add RELRO, FORTIFY options

This enables a user to build a complete system using these
options. It is important to note that not all packages will
build correctly to start with.

Modeled after OpenWRT approach
https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176

A good testing tool to check a target's elf files for compliance
to an array of hardening techniques can be found here:
https://github.com/slimm609/checksec.sh

[Peter: reword fortify help texts, glibc comment]

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'Config.in')
-rw-r--r-- | Config.in | 70 |
1 files changed, 70 insertions, 0 deletions
@@ -734,6 +734,76 @@ endchoice comment "Stack Smashing Protection needs a toolchain w/ SSP" depends on !BR2_TOOLCHAIN_HAS_SSP +choice + bool "RELRO Protection" + depends on BR2_SHARED_LIBS + help + Enable a link-time protection know as RELRO (RELocation Read Only) + which helps to protect from certain type of exploitation techniques + altering the content of some ELF sections. + +config BR2_RELRO_NONE + bool "None" + help + Disables Relocation link-time protections. + +config BR2_RELRO_PARTIAL + bool "Partial" + help + This option makes the dynamic section not writeable after + initialization (with almost no performance penalty). + +config BR2_RELRO_FULL + bool "Full" + help + This option includes the partial configuration, but also + marks the GOT as read-only at the cost of initialization time + during program loading, i.e every time an executable is started. + +endchoice + +comment "RELocation Read Only (RELRO) needs shared libraries" + depends on !BR2_SHARED_LIBS + +choice + bool "Buffer-overflow Detection (FORTIFY_SOURCE)" + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on !BR2_OPTIMIZE_0 + help + Enable the _FORTIFY_SOURCE macro which introduces additional + checks to detect buffer-overflows in the following standard library + functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy, + strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf, + gets. + + NOTE: This feature requires an optimization level of s/1/2/3/g + + Support for this feature has been present since GCC 4.x. + +config BR2_FORTIFY_SOURCE_NONE + bool "None" + help + Disables additional checks to detect buffer-overflows. + +config BR2_FORTIFY_SOURCE_1 + bool "Conservative" + help + This option sets _FORTIFY_SOURCE to 1 and only introduces + checks that shouldn't change the behavior of conforming + programs. Adds checks at compile-time only. 
+ +config BR2_FORTIFY_SOURCE_2 + bool "Aggressive" + help + This option sets _FORTIFY_SOURCES to 2 and some more + checking is added, but some conforming programs might fail. + Also adds checks at run-time (detected buffer overflow + terminates the program) + +endchoice + +comment "Fortify Source needs a glibc toolchain and optimization" + depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0) endmenu source "toolchain/Config.in" |
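Review bot: The help text under BR2_FORTIFY_SOURCE_2 names the macro as "_FORTIFY_SOURCES", while the choice help and BR2_FORTIFY_SOURCE_1 both call it "_FORTIFY_SOURCE"; the trailing S should go, since a user searching a build log for the name in the help text would find nothing. The RELRO choice help also reads "know as RELRO" where "known as" is meant. Two further points in the same hunk: neither choice declares a default, so the result depends on Kconfig picking the first entry; an explicit "default BR2_RELRO_NONE" and "default BR2_FORTIFY_SOURCE_NONE" would make the intent that existing configurations stay unchanged visible. And the level 1 text states "Adds checks at compile-time only" while level 2 says it "Also adds checks at run-time"; that split between the two levels is worth checking against the glibc feature test macro documentation before it becomes the help text users rely on when choosing a level.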