diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-16 00:20:59 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-16 00:31:25 +0200 |
| commit | dd170cd5df832a7f1d70aba69fee7c41d012b34a (patch) | |
| tree | b2fd717f23d5f7877025c2569649cb386cacba28 /pkgs/os-specific | |
| parent | 9a763f8f59e9dd03a93fa99170d16f1ad517af0f (diff) | |
| download | nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar.gz nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar.bz2 nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar.lz nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar.xz nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.tar.zst nixlib-dd170cd5df832a7f1d70aba69fee7c41d012b34a.zip | |
hardened-config: build with fortify source
Diffstat (limited to 'pkgs/os-specific')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index dda7ca6226c9..7f1fb98789d9 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -106,4 +106,9 @@ INET_DIAG n # Has been used for heap based attacks in the past # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. CC_STACKPROTECTOR_REGULAR n CC_STACKPROTECTOR_STRONG y + +# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE +${optionalString (versionAtLeast version "4.13") '' + FORTIFY_SOURCE y +''} '' |