diff options
author | Joshua Lock <joshua.g.lock@intel.com> | 2016-08-11 15:58:41 +0100 |
---|---|---|
committer | Joshua Lock <joshua.g.lock@intel.com> | 2016-08-19 16:24:32 +0100 |
commit | d7af57b9c8284eaa96fa6c0a560c0047b03fb911 (patch) | |
tree | 97fd612135de0ced3cb02ce6759588569bc5df14 /meta/conf/distro/include/security_flags.inc | |
parent | 3d0c1a2e16f3e7d08d2be97a4b9540f0ba713e94 (diff) | |
download | openembedded-core-contrib-d7af57b9c8284eaa96fa6c0a560c0047b03fb911.tar.gz |
security_flags: pass ssp-buffer-size param to stack protector
This tells the compiler to use a canary to protect any function which
declares a character array of 4 or more bytes on its stack, rather
than the default of 8 or more bytes.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Diffstat (limited to 'meta/conf/distro/include/security_flags.inc')
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 77fade6d03..691cea1156 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -12,8 +12,8 @@ lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE # Error on use of format strings that represent possible security problems SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" -SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" +SECURITY_CFLAGS ?= "-fstack-protector-strong --param ssp-buffer-size=4 -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" +SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong --param ssp-buffer-size=4 ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now" SECURITY_X_LDFLAGS ?= "-Wl,-z,relro" |