Skip to content
Snippets Groups Projects
Select Git revision
  • add-tplink-eap225-outdoor-v3-support protected
  • master default
  • v21.02.2
3 results
Blame Permalink
  • Julien Dusser's avatar
    df0bd42f
    build: add hardened builds with PIE (ASLR) support · df0bd42f
    Julien Dusser authored 
    
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: default avatarJulien Dusser <julien.dusser@free.fr>
    df0bd42f
    History
    build: add hardened builds with PIE (ASLR) support
    Julien Dusser authored 
    
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: default avatarJulien Dusser <julien.dusser@free.fr>

Hosted with love by Chaotikum e.V. Support us if you can