diff options
| author | Waldemar Brodkorb <wbx@openadk.org> | 2014-02-12 15:19:19 +0100 |
|---|---|---|
| committer | Waldemar Brodkorb <wbx@openadk.org> | 2014-02-12 15:19:19 +0100 |
| commit | a3499b2d619de38125390f2a108b851d4d0d2023 (patch) | |
| tree | bc4f7a0ea744a6f261325cf21b5da6563507576b | |
| parent | 7bae0bafa415b79ad56a00043fdd18df49a5788a (diff) | |
add special linker scripts, to disable lazy loading of symbols and to make relocations read-only, security enhancement, idea seen in sabotage linux
| -rw-r--r-- | mk/vars.mk | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/mk/vars.mk b/mk/vars.mk index ffd729ff4..014017ee8 100644 --- a/mk/vars.mk +++ b/mk/vars.mk @@ -85,6 +85,8 @@ TARGET_LDFLAGS:= -L$(STAGING_TARGET_DIR)/lib -L$(STAGING_TARGET_DIR)/usr/lib \ -Wl,-O2 -Wl,-rpath -Wl,/usr/lib \ -Wl,-rpath-link -Wl,${STAGING_TARGET_DIR}/usr/lib \ $(ADK_TARGET_ABI_LDFLAGS) $(TARGET_CFLAGS_ARCH) +# security optimization, see http://www.akkadia.org/drepper/dsohowto.pdf +TARGET_LDFLAGS+= -Wl,-z,relro,-z,now ifneq ($(ADK_NATIVE),) TARGET_CPPFLAGS:= |