JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hardened-config: build with fortify source

Browse Source
This commit is contained in:
Joachim Fasting 2017-09-16 00:20:59 +02:00
parent 9a763f8f59
commit dd170cd5df
No known key found for this signature in database
GPG Key ID: 66EAB6B14F6B6E0D
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/os-specific/linux/kernel/hardened-config.nix
View File

@ -106,4 +106,9 @@ INET_DIAG n # Has been used for heap based attacks in the past
# Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
CC_STACKPROTECTOR_REGULAR n CC_STACKPROTECTOR_REGULAR n
CC_STACKPROTECTOR_STRONG y CC_STACKPROTECTOR_STRONG y
# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
${optionalString (versionAtLeast version "4.13") ''
FORTIFY_SOURCE y
''}
'' ''