aboutsummaryrefslogtreecommitdiff
path: root/Config.in
diff options
context:
space:
mode:
authorGravatar Matt Weber <matthew.weber@rockwellcollins.com>2018-01-23 22:09:41 -0600
committerGravatar Peter Korsgaard <peter@korsgaard.com>2018-01-28 15:21:14 +0100
commit20a4583ebf7fe97ea22a1ea11621dd44a8114ca5 (patch)
tree71ba47203194f6065a9193055ad0c6dff5476099 /Config.in
parentd3732cf4a23c83dd6903f26c19bc9258ac227fec (diff)
downloadbuildroot-20a4583ebf7fe97ea22a1ea11621dd44a8114ca5.tar.gz
buildroot-20a4583ebf7fe97ea22a1ea11621dd44a8114ca5.tar.bz2
security hardening: add RELFO, FORTIFY options
This enables a user to build a complete system using these options. It is important to note that not all packages will build correctly to start with. Modeled after OpenWRT approach https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176 A good testing tool to check a target's elf files for compliance to an array of hardening techniques can be found here: https://github.com/slimm609/checksec.sh [Peter: reword fortify help texts, glibc comment] Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'Config.in')
-rw-r--r--Config.in70
1 files changed, 70 insertions, 0 deletions
diff --git a/Config.in b/Config.in
index e7e5c2d077..0002df5176 100644
--- a/Config.in
+++ b/Config.in
@@ -734,6 +734,76 @@ endchoice
comment "Stack Smashing Protection needs a toolchain w/ SSP"
depends on !BR2_TOOLCHAIN_HAS_SSP
+choice
+ bool "RELRO Protection"
+ depends on BR2_SHARED_LIBS
+ help
+ Enable a link-time protection know as RELRO (RELocation Read Only)
+ which helps to protect from certain type of exploitation techniques
+ altering the content of some ELF sections.
+
+config BR2_RELRO_NONE
+ bool "None"
+ help
+ Disables Relocation link-time protections.
+
+config BR2_RELRO_PARTIAL
+ bool "Partial"
+ help
+ This option makes the dynamic section not writeable after
+ initialization (with almost no performance penalty).
+
+config BR2_RELRO_FULL
+ bool "Full"
+ help
+ This option includes the partial configuration, but also
+ marks the GOT as read-only at the cost of initialization time
+ during program loading, i.e every time an executable is started.
+
+endchoice
+
+comment "RELocation Read Only (RELRO) needs shared libraries"
+ depends on !BR2_SHARED_LIBS
+
+choice
+ bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
+ depends on BR2_TOOLCHAIN_USES_GLIBC
+ depends on !BR2_OPTIMIZE_0
+ help
+ Enable the _FORTIFY_SOURCE macro which introduces additional
+ checks to detect buffer-overflows in the following standard library
+ functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy,
+ strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf,
+ gets.
+
+ NOTE: This feature requires an optimization level of s/1/2/3/g
+
+ Support for this feature has been present since GCC 4.x.
+
+config BR2_FORTIFY_SOURCE_NONE
+ bool "None"
+ help
+ Disables additional checks to detect buffer-overflows.
+
+config BR2_FORTIFY_SOURCE_1
+ bool "Conservative"
+ help
+ This option sets _FORTIFY_SOURCE to 1 and only introduces
+ checks that shouldn't change the behavior of conforming
+ programs. Adds checks at compile-time only.
+
+config BR2_FORTIFY_SOURCE_2
+ bool "Aggressive"
+ help
+ This option sets _FORTIFY_SOURCES to 2 and some more
+ checking is added, but some conforming programs might fail.
+ Also adds checks at run-time (detected buffer overflow
+ terminates the program)
+
+endchoice
+
+comment "Fortify Source needs a glibc toolchain and optimization"
+ depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
endmenu
source "toolchain/Config.in"