From a3499b2d619de38125390f2a108b851d4d0d2023 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Wed, 12 Feb 2014 15:19:19 +0100 Subject: add special linker scripts, to disable lazy loading of symbols and to make relocations read-only, security enhancement, idea seen in sabotage linux --- mk/vars.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mk/vars.mk b/mk/vars.mk index ffd729ff4..014017ee8 100644 --- a/mk/vars.mk +++ b/mk/vars.mk @@ -85,6 +85,8 @@ TARGET_LDFLAGS:= -L$(STAGING_TARGET_DIR)/lib -L$(STAGING_TARGET_DIR)/usr/lib \ -Wl,-O2 -Wl,-rpath -Wl,/usr/lib \ -Wl,-rpath-link -Wl,${STAGING_TARGET_DIR}/usr/lib \ $(ADK_TARGET_ABI_LDFLAGS) $(TARGET_CFLAGS_ARCH) +# security optimization, see http://www.akkadia.org/drepper/dsohowto.pdf +TARGET_LDFLAGS+= -Wl,-z,relro,-z,now ifneq ($(ADK_NATIVE),) TARGET_CPPFLAGS:= -- cgit v1.2.3