The GCC option -fstack-protector-all is a security feature used to protect against stack-smashing attacks.
This option enhances the stack-smashing protection provided by -fstack-protector-strong.
-fstack-protector-all option applies stack protection to all functions, regardless of their characteristics.
While this offers the most comprehensive protection against stack-smashing attacks, it can significantly impact
the performance of the program because every function call includes additional checks for stack integrity.
This option can incur a performance penalty because of the extra checks added to every function call,
but it significantly enhances security, making it harder for attackers to exploit buffer overflows to execute arbitrary code.
It's particularly useful in scenarios where security is paramount and performance trade-offs are acceptable.
Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
bool "Regular"
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
+ config PKG_CC_STACKPROTECTOR_ALL
+ bool "All"
endchoice
choice
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
+ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
+ ifeq ($(strip $(PKG_SSP)),1)
+ TARGET_CFLAGS += -fstack-protector-all
+ endif
+endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
projects / openwrt / staging / jow.git / commitdiff