diff options
author | Joshua Lock <joshua.g.lock@intel.com> | 2016-08-18 12:42:54 +0100 |
---|---|---|
committer | Joshua Lock <joshua.g.lock@intel.com> | 2016-08-19 16:24:32 +0100 |
commit | e1c9ed16dca8115a052e08732ec66ce29c9da746 (patch) | |
tree | 0b7e59c3412160275e9e6afb604ae909f5e626e0 /meta | |
parent | c22c65ac4ea0ab842e6807c2876d1c8b85de035f (diff) | |
download | openembedded-core-contrib-e1c9ed16dca8115a052e08732ec66ce29c9da746.tar.gz |
security_flags: update comment header
Embelish a little on the utility of the extra compiler and linker
flags enabled by this include.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 698f4c25ad..295c733d3e 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -1,6 +1,9 @@ -# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These -# don't work universally, there are recipes which can't use one, the other -# or both so a blacklist is maintained here. The idea would be over +# Setup extra CFLAGS and LDFLAGS which: +# * add extra compilation checks for known security anti-patterns +# * generate extra code to protect against various attacks +# * harden the produced binaries to provide extra protection against attacks. +# These don't work universally, there are recipes which can't use one, the +# other or both so a blacklist is maintained here. The idea would be over # time to reduce this list to nothing. # From a Yocto Project perspective, this file is included and tested # in the DISTRO="poky-lsb" configuration. |