hardening: add relro and bind_now features
As usual with features, this can be activated/deactivated via WITH/WITHOUT_<feature> Each port can individually mark itself as not supporting the feature via <feature>_UNSAFE=
This commit is contained in:
Baptiste Daroussin
10
Mk/Features/bind_now.mk
Normal file
10
Mk/Features/bind_now.mk
Normal file
@@ -0,0 +1,10 @@
|
||||
# BIND_NOW Support
|
||||
|
||||
.if !defined(_BIND_NOW_MK_INCLUDED)
|
||||
_BIND_NOW_MK_INCLUDED= yes
|
||||
BIND_NOW_Include_MAINTAINER= portmgr@FreeBSD.org
|
||||
|
||||
. if !defined(BIND_NOW_UNSAFE)
|
||||
LDFLAGS+= -Wl,-znow
|
||||
. endif
|
||||
.endif
|
||||
10
Mk/Features/relro.mk
Normal file
10
Mk/Features/relro.mk
Normal file
@@ -0,0 +1,10 @@
|
||||
# RELRO Support
|
||||
|
||||
.if !defined(_RELRO_MK_INCLUDED)
|
||||
_RELRO_MK_INCLUDED= yes
|
||||
RELRO_Include_MAINTAINER= portmgr@FreeBSD.org
|
||||
|
||||
. if !defined(RELRO_UNSAFE)
|
||||
LDFLAGS+= -Wl,-zrelro
|
||||
. endif
|
||||
.endif
|
||||
@@ -1017,7 +1017,7 @@ LC_ALL= C
|
||||
# These need to be absolute since we don't know how deep in the ports
|
||||
# tree we are and thus can't go relative. They can, of course, be overridden
|
||||
# by individual Makefiles or local system make configuration.
|
||||
_LIST_OF_WITH_FEATURES= debug lto ssp pie
|
||||
_LIST_OF_WITH_FEATURES= debug lto ssp pie relro bind_now
|
||||
_DEFAULT_WITH_FEATURES= ssp
|
||||
PORTSDIR?= /usr/ports
|
||||
LOCALBASE?= /usr/local
|
||||
|
||||
Reference in New Issue
Block a user