summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/hardened-ld-pie.specs2
-rw-r--r--include/hardening.mk7
2 files changed, 9 insertions, 0 deletions
diff --git a/include/hardened-ld-pie.specs b/include/hardened-ld-pie.specs
new file mode 100644
index 0000000..7317b19
--- /dev/null
+++ b/include/hardened-ld-pie.specs
@@ -0,0 +1,2 @@
+*self_spec:
++ %{no-pie|static|r|shared:;:-pie}
diff --git a/include/hardening.mk b/include/hardening.mk
index c277081..06a6178 100644
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -6,6 +6,7 @@
#
PKG_CHECK_FORMAT_SECURITY ?= 1
+PKG_ASLR_PIE ?= 1
PKG_SSP ?= 1
PKG_FORTIFY_SOURCE ?= 1
PKG_RELRO ?= 1
@@ -15,6 +16,12 @@ ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
+ifdef CONFIG_PKG_ASLR_PIE
+ ifeq ($(strip $(PKG_ASLR_PIE)),1)
+ TARGET_CFLAGS += -fPIC
+ TARGET_LDFLAGS += -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
+ endif
+endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector