bool "Select all userspace packages by default"
default n
+ config SIGNED_PACKAGES
+ bool "Cryptographically signed package lists"
+ default y
+
comment "General build options"
config DISPLAY_SUPPORT
config PKG_CHECK_FORMAT_SECURITY
bool
prompt "Enable gcc format-security"
- default n
+ default y
help
Add -Wformat -Werror=format-security to the CFLAGS. You can disable
this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
choice
prompt "User space Stack-Smashing Protection"
- default PKG_CC_STACKPROTECTOR_NONE
+ default PKG_CC_STACKPROTECTOR_REGULAR
help
Enable GCC Stack Smashing Protection (SSP) for userspace applications
config PKG_CC_STACKPROTECTOR_NONE
bool "None"
config PKG_CC_STACKPROTECTOR_REGULAR
bool "Regular"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on KERNEL_CC_STACKPROTECTOR_REGULAR
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
- select SSP_SUPPORT
+ select SSP_SUPPORT if !USE_MUSL
depends on GCC_VERSION_4_9_LINARO
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
choice
prompt "Kernel space Stack-Smashing Protection"
- default KERNEL_CC_STACKPROTECTOR_NONE
+ default KERNEL_CC_STACKPROTECTOR_REGULAR
help
Enable GCC Stack-Smashing Protection (SSP) for the kernel
config KERNEL_CC_STACKPROTECTOR_NONE
choice
prompt "Enable RELRO protection"
+ default PKG_RELRO_FULL
help
Enable a link-time protection known as RELRO (Relocation Read Only)
which helps to protect from certain type of exploitation techniques