Improve hardening by using -fstack-protector-strong

This functionality is now available for us since we updated to GCC 4.9 and just improves the stack smashing protector in GCC. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 11:13:24 +02:00 · 2016-01-18 22:26:23 +00:00
parent cc9f461f74
commit 857b2c795e
7 changed files with 13 additions and 13 deletions
--- a/tools/make-functions
+++ b/tools/make-functions
@@ -109,7 +109,7 @@ configure_target() {
 	MACHINE="${TARGET_ARCH}"

 	CFLAGS="-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC"
-	CFLAGS="${CFLAGS} -fstack-protector-all --param=ssp-buffer-size=4 ${CFLAGS_ARCH}"
+	CFLAGS="${CFLAGS} -fstack-protector-strong --param=ssp-buffer-size=4 ${CFLAGS_ARCH}"
 	CXXFLAGS="${CFLAGS}"
 }