menuconfig: add help description for Stack Smashing Protection options
authorMarius Dinu <m95d+git@psihoexpert.ro>
Sat, 9 Nov 2024 17:20:47 +0000 (19:20 +0200)
committerPetr Štetiar <ynezz@true.cz>
Thu, 28 Nov 2024 18:46:41 +0000 (18:46 +0000)
Descriptions taken from:
https://wiki.osdev.org/Stack_Smashing_Protector

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
Link: https://github.com/openwrt/openwrt/pull/16897
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit cbf7be9fb37baaaf7ee5c2b6315028bd47c764bc)
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
config/Config-build.in

index 41c1daccd99564e001722f0f0769a53bdf55a726..481be0bb6c55dd882763a30985c925bea418788a 100644 (file)
@@ -295,12 +295,22 @@ menu "Global build settings"
                  Enable GCC Stack Smashing Protection (SSP) for userspace applications
                config PKG_CC_STACKPROTECTOR_NONE
                        bool "None"
+                       help
+                               No stack smashing protection.
                config PKG_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
+                       help
+                               Protects functions with vulnerable objects.
+                               This includes functions with buffers larger than 8 bytes or calls to alloca.
                config PKG_CC_STACKPROTECTOR_STRONG
                        bool "Strong"
+                       help
+                               Like Regular, but also protects functions with
+                               local arrays or references to local frame addresses.
                config PKG_CC_STACKPROTECTOR_ALL
                        bool "All"
+                       help
+                               Protects all functions.
        endchoice
 
        choice
@@ -310,10 +320,18 @@ menu "Global build settings"
                  Enable GCC Stack-Smashing Protection (SSP) for the kernel
                config KERNEL_CC_STACKPROTECTOR_NONE
                        bool "None"
+                       help
+                               No stack smashing protection.
                config KERNEL_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
+                       help
+                               Protects functions with vulnerable objects.
+                               This includes functions with buffers larger than 8 bytes or calls to alloca.
                config KERNEL_CC_STACKPROTECTOR_STRONG
                        bool "Strong"
+                       help
+                               Like Regular, but also protects functions with
+                               local arrays or references to local frame addresses.
        endchoice
 
        config KERNEL_STACKPROTECTOR