Files · 3bdbc3ae2151be51359684bbef358a1e0133861a · fact-depend / kernel-hardening-checker

Improve the STACKPROTECTOR check · 3bdbc3ae

The Linux kernel 4.16-4.17 has a weird STACKPROTECTOR configuration:
CC_STACKPROTECTOR_NONE -- stackprotector is disabled;
CC_STACKPROTECTOR_REGULAR -- similar to current STACKPROTECTOR;
CC_STACKPROTECTOR_STRONG -- similar to current STACKPROTECTOR_STRONG;
CC_STACKPROTECTOR_AUTO -- the best stack-protector that compiler provides.
These options are mutually exclusive.

Let's improve the STACKPROTECTOR check:
- Add CC_STACKPROTECTOR_REGULAR as a valid alternative name of this option;
- Add CC_STACKPROTECTOR_STRONG to avoid false negative result;
- Add CC_STACKPROTECTOR_AUTO hoping that it enables at least STACKPROTECTOR.

The STACKPROTECTOR_STRONG check still requires explicit configuration, not
CC_STACKPROTECTOR_AUTO.

Thanks to @izh1979 for the idea

authored Jul 21, 2022

3bdbc3ae

Name	Last commit	Last update
.github/workflows		Loading commit data...
bin		Loading commit data...
contrib		Loading commit data...
kconfig_hardened_check		Loading commit data...
.gitignore		Loading commit data...
LICENSE.txt		Loading commit data...
MANIFEST.in		Loading commit data...
README.md		Loading commit data...
default.nix		Loading commit data...
setup.cfg		Loading commit data...
setup.py		Loading commit data...

README.md