diff options
author | Kees Cook <keescook@chromium.org> | 2017-01-13 11:14:39 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-01-18 12:02:35 -0800 |
commit | c61f13eaa1ee17728c41370100d2d45c254ce76f (patch) | |
tree | 63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /scripts/Makefile.gcc-plugins | |
parent | 8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 (diff) | |
download | lwn-c61f13eaa1ee17728c41370100d2d45c254ce76f.tar.gz lwn-c61f13eaa1ee17728c41370100d2d45c254ce76f.zip |
gcc-plugins: Add structleak for more stack initialization
This plugin detects any structures that contain __user attributes and
makes sure it is being fully initialized so that a specific class of
information exposure is eliminated. (This plugin was originally designed
to block the exposure of siginfo in CVE-2013-2141.)
Ported from grsecurity/PaX. This version adds a verbose option to the
plugin and the Kconfig.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'scripts/Makefile.gcc-plugins')
-rw-r--r-- | scripts/Makefile.gcc-plugins | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index 060d2cb373db..a084f7a511d8 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins @@ -25,6 +25,10 @@ ifdef CONFIG_GCC_PLUGINS endif endif + gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) += -fplugin-arg-structleak_plugin-verbose + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN + GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR |