commit dd170cd5df832a7f1d70aba69fee7c41d012b34a · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

hardened-config: build with fortify source

Joachim Fasting 8 years ago dd170cd5 9a763f8f

options

unified split

Changed files

pkgs

os-specific

linux

kernel

hardened-config.nix

pkgs/os-specific/linux/kernel/hardened-config.nix

···

       106
       106
        
       # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.

     

       107
       107
        
       CC_STACKPROTECTOR_REGULAR n

     

       108
       108
        
       CC_STACKPROTECTOR_STRONG y

     

       109
       109
       +
       

     

       110
       110
       +
       # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE

     

       111
       111
       +
       ${optionalString (versionAtLeast version "4.13") ''

     

       112
       112
       +
         FORTIFY_SOURCE y

     

       113
       113
       +
       ''}

     

       109
       114
        
       ''