|
@@ -282,21 +282,21 @@ config UCLIBC_CTOR_DTOR
|
|
|
then you definitely want to answer Y here. If you don't need ctors
|
|
|
or dtors and want your binaries to be as small as possible, then
|
|
|
answer N.
|
|
|
-
|
|
|
-config UCLIBC_PROPOLICE
|
|
|
+
|
|
|
+config UCLIBC_HAS_SSP
|
|
|
bool "Support for propolice stack protection"
|
|
|
default n
|
|
|
help
|
|
|
- Propolice stack protection.
|
|
|
+ Adds propolice protection to libc (__guard and __stack_smash_handler).
|
|
|
More about it on <http://www.research.ibm.com/trl/projects/security/ssp> .
|
|
|
To be able to use it, you'll also need a propolice patched gcc,
|
|
|
supporting the -fstack-protector[-all] options. It is a specially patched
|
|
|
- gcc version, were __guard and __stack_smash_handler are removed from libgcc.
|
|
|
+ gcc version, where __guard and __stack_smash_handler are removed from libgcc.
|
|
|
Most people will answer N.
|
|
|
|
|
|
choice
|
|
|
prompt "Propolice protection blocking signal"
|
|
|
- depends on UCLIBC_PROPOLICE
|
|
|
+ depends on UCLIBC_HAS_SSP
|
|
|
default PROPOLICE_BLOCK_ABRT if ! DODEBUG
|
|
|
default PROPOLICE_BLOCK_SEGV if DODEBUG
|
|
|
help
|
|
@@ -322,6 +322,13 @@ config PROPOLICE_BLOCK_KILL
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
+config UCLIBC_BUILD_SSP
|
|
|
+ bool "Build uClibc with propolice protection"
|
|
|
+ depends on UCLIBC_HAS_SSP
|
|
|
+ default n
|
|
|
+ help
|
|
|
+ Build all libraries and executables with propolice protection enabled.
|
|
|
+
|
|
|
config HAS_NO_THREADS
|
|
|
bool
|
|
|
default n
|