From: Matthew Weber <matthew.weber@collins.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] utils/genrandconfig: drop hardening Config enables
Date: Fri, 21 May 2021 08:17:52 -0500 [thread overview]
Message-ID: <20210521131752.9893-1-matthew.weber@collins.com> (raw)
Since 810ba387bec3c5b, some form of these options are enable
by default. Specifically:
- Kept FORTIFY level 2 option as the default is now level 1.
- Removed all SSP options as the default now uses the best
option based on toolchain support.
- Similar to SSP, for RELRO, the default now uses the best
option based on toolchain support.
- Completely drop PIC PIE as it defaults =y
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
---
utils/genrandconfig | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/utils/genrandconfig b/utils/genrandconfig
index 93dc6d898b..e1655655fa 100755
--- a/utils/genrandconfig
+++ b/utils/genrandconfig
@@ -371,22 +371,8 @@ def gen_config(args):
configlines.append("BR2_OPTIMIZE_2=y\n")
if randint(0, 4) == 0:
configlines.append("BR2_SYSTEM_ENABLE_NLS=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_PIC_PIE=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_RELRO_FULL=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_RELRO_PARTIAL=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_SSP_ALL=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_SSP_REGULAR=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_SSP_STRONG=y\n")
if randint(0, 4) == 0:
configlines.append("BR2_FORTIFY_SOURCE_2=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_FORTIFY_SOURCE_1=y\n")
# Randomly enable BR2_REPRODUCIBLE 10% of times
# also enable tar filesystem images for testing
--
2.17.1
next reply other threads:[~2021-05-21 13:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 13:17 Matthew Weber [this message]
2021-05-24 13:16 ` [Buildroot] [PATCH] utils/genrandconfig: drop hardening Config enables Yann E. MORIN
2021-05-24 13:32 ` Yann E. MORIN
2021-05-24 13:31 ` Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521131752.9893-1-matthew.weber@collins.com \
--to=matthew.weber@collins.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.