diff options
Diffstat (limited to 'arch/Kconfig')
-rw-r--r-- | arch/Kconfig | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index f1cf895..24e026d 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -336,6 +336,28 @@ config SECCOMP_FILTER See Documentation/prctl/seccomp_filter.txt for details. +config HAVE_CC_STACKPROTECTOR + bool + help + An arch should select this symbol if: + - its compiler supports the -fstack-protector option + - it has implemented a stack canary (e.g. __stack_chk_guard) + +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection" + depends on HAVE_CC_STACKPROTECTOR + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + + This feature requires gcc version 4.2 or above, or a distribution + gcc with the feature backported. + config HAVE_CONTEXT_TRACKING bool help |