utils/genrandconfig: drop hardening Config enables

Since 810ba38, some form of these options are enable by default. Specifically: - Kept FORTIFY level 2 option as the default is now level 1. - Removed all SSP options as the default now uses the best option based on toolchain support. - Similar to SSP, for RELRO, the default now uses the best option based on toolchain support. - Completely drop PIC PIE as it defaults =y Signed-off-by: Matthew Weber <[email protected]> Signed-off-by: Yann E. MORIN <[email protected]>
citral23 · May 24, 2021 · 4e55bc8 · 4e55bc8
1 parent cb1134b
commit 4e55bc8
Showing 1 changed file with 0 additions and 14 deletions.
diff --git a/utils/genrandconfig b/utils/genrandconfig
@@ -371,22 +371,8 @@ def gen_config(args):
         configlines.append("BR2_OPTIMIZE_2=y\n")
     if randint(0, 4) == 0:
         configlines.append("BR2_SYSTEM_ENABLE_NLS=y\n")
-    if randint(0, 4) == 0:
-        configlines.append("BR2_PIC_PIE=y\n")
-    if randint(0, 4) == 0:
-        configlines.append("BR2_RELRO_FULL=y\n")
-    elif randint(0, 4) == 0:
-        configlines.append("BR2_RELRO_PARTIAL=y\n")
-    if randint(0, 4) == 0:
-        configlines.append("BR2_SSP_ALL=y\n")
-    elif randint(0, 4) == 0:
-        configlines.append("BR2_SSP_REGULAR=y\n")
-    elif randint(0, 4) == 0:
-        configlines.append("BR2_SSP_STRONG=y\n")
     if randint(0, 4) == 0:
         configlines.append("BR2_FORTIFY_SOURCE_2=y\n")
-    elif randint(0, 4) == 0:
-        configlines.append("BR2_FORTIFY_SOURCE_1=y\n")
 
     # Randomly enable BR2_REPRODUCIBLE 10% of times
     # also enable tar filesystem images for testing