author Johannes Schindelin <johannes.schindelin@gmx.de> 2019-06-27 02:29:02 -0700
committer Junio C Hamano <gitster@pobox.com> 2019-06-27 12:53:45 -0700
commit a1c5e906c8bab294f380151f59e552766fdf32b7
tree cbb0992d4b9b6dd1b2e3c5b93dfd6e38a15e015a
parent The third batch
mingw: enable stack smashing protector

To reduce Git for Windows' attack surface, we started using the Address Space Layout Randomization and Data Execution Prevention features in ce6a158561f9 (mingw: enable DEP and ASLR, 2019-05-08).

To remove yet another attack vector, let's make use of gcc's stack smashing protector that helps detect stack buffer overruns early.

Rather than using -fstack-protector, we use -fstack-protector-strong because on Windows: The latter appears to strike a better balance between the performance impact and the provided safety.

In a non-scientific test (time git log --grep=is -p), best of 5 timings went from 23.009s to 22.997s, i.e. the performance impact was *well* lost in the noise.

This fixes https://github.com/git-for-windows/git/issues/501

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- config.mak.uname 3
1 files changed, 2 insertions, 1 deletions
diff --git a/config.mak.uname b/config.mak.uname
index b71688eeb7..2400e7879c 100644
--- a/config.mak.uname
+++ b/config.mak.uname
@@ -596,7 +596,8 @@ else
BASIC_LDFLAGS += -Wl,--large-address-aware
endif
CC = gcc
- COMPAT_CFLAGS += -D__USE_MINGW_ANSI_STDIO=0 -DDETECT_MSYS_TTY
+ COMPAT_CFLAGS += -D__USE_MINGW_ANSI_STDIO=0 -DDETECT_MSYS_TTY \
+ -fstack-protector-strong
EXTLIBS += -lntdll
INSTALL = /bin/install
NO_R_TO_GCC_LINKER = YesPlease
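Review bot: the `-fstack-protector-strong` added on the COMPAT_CFLAGS continuation line is a compile-side flag only, and nothing in this hunk touches the link side (`BASIC_LDFLAGS` above it, `EXTLIBS += -lntdll` below it). With MinGW gcc the protector's runtime symbols (`__stack_chk_fail`, `__stack_chk_guard`) are provided by libssp, so this works only if the link command also receives COMPAT_CFLAGS and the gcc driver pulls libssp in. Please confirm that in the commit message, or add `-lssp` to EXTLIBS explicitly, and mention that the resulting binaries need the libssp runtime shipped alongside them if it is linked dynamically. A short comment above the flag saying why the -strong variant was picked over plain -fstack-protector would also keep the rationale in the makefile rather than only in the log.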