From: Matthew Weber <matthew.weber@collins.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] utils/genrandconfig: drop hardening Config enables
Date: Fri, 21 May 2021 08:17:52 -0500 [thread overview]
Message-ID: <20210521131752.9893-1-matthew.weber@collins.com> (raw)
Since 810ba387bec3c5b, some form of these options are enable
by default. Specifically:
- Kept FORTIFY level 2 option as the default is now level 1.
- Removed all SSP options as the default now uses the best
option based on toolchain support.
- Similar to SSP, for RELRO, the default now uses the best
option based on toolchain support.
- Completely drop PIC PIE as it defaults =y
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
---
utils/genrandconfig | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/utils/genrandconfig b/utils/genrandconfig
index 93dc6d898b..e1655655fa 100755
--- a/utils/genrandconfig
+++ b/utils/genrandconfig
@@ -371,22 +371,8 @@ def gen_config(args):
configlines.append("BR2_OPTIMIZE_2=y\n")
if randint(0, 4) == 0:
configlines.append("BR2_SYSTEM_ENABLE_NLS=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_PIC_PIE=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_RELRO_FULL=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_RELRO_PARTIAL=y\n")
- if randint(0, 4) == 0:
- configlines.append("BR2_SSP_ALL=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_SSP_REGULAR=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_SSP_STRONG=y\n")
if randint(0, 4) == 0:
configlines.append("BR2_FORTIFY_SOURCE_2=y\n")
- elif randint(0, 4) == 0:
- configlines.append("BR2_FORTIFY_SOURCE_1=y\n")
# Randomly enable BR2_REPRODUCIBLE 10% of times
# also enable tar filesystem images for testing
--
2.17.1
next reply other threads:[~2021-05-21 13:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-21 13:17 Matthew Weber [this message]
2021-05-24 13:16 ` Yann E. MORIN
2021-05-24 13:32 ` Yann E. MORIN
2021-05-24 13:31 ` Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521131752.9893-1-matthew.weber@collins.com \
--to=matthew.weber@collins.com \
--cc=buildroot@busybox.net \
--subject='Re: [Buildroot] [PATCH] utils/genrandconfig: drop hardening Config enables' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.