From dd170cd5df832a7f1d70aba69fee7c41d012b34a Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sat, 16 Sep 2017 00:20:59 +0200
Subject: [PATCH] hardened-config: build with fortify source
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index dda7ca6226c9..7f1fb98789d9 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -106,4 +106,9 @@ INET_DIAG n # Has been used for heap based attacks in the past
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
 CC_STACKPROTECTOR_REGULAR n
 CC_STACKPROTECTOR_STRONG y
+
+# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
+${optionalString (versionAtLeast version "4.13") ''
+ FORTIFY_SOURCE y
+''}
 ''
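Review bot: The added block gates `FORTIFY_SOURCE y` on the kernel version only, but upstream the option is also offered only on architectures that select `ARCH_HAS_FORTIFY_SOURCE`. On other platforms this line would either fail config generation or be silently dropped, depending on how the config generator (not visible in this hunk) treats unknown options. The comment should state both conditions, for example `# Enable compile/run-time buffer overflow detection for string/memory functions (option added in 4.13; requires ARCH_HAS_FORTIFY_SOURCE)`. If hardened kernels are built for architectures without that support, an architecture guard next to the version guard is probably needed as well. The enclosing config string starts outside the hunk.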