summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar İsmail Dönmez <ismail@i10z.com>2019-05-08 04:30:59 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2019-05-13 10:55:20 +0900
commitce6a158561f906bfd48ab7a9c7a4c48134844e85 (patch)
treed5635f65ef5101b1df000edf0658dd1e9524f4c6
parentmingw: do not let ld strip relocations (diff)
downloadtgif-ce6a158561f906bfd48ab7a9c7a4c48134844e85.tar.xz
mingw: enable DEP and ASLR
Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) support. This applies to both 32bit and 64bit builds and makes it substantially harder to exploit security holes in Git by offering a much more unpredictable attack surface. ASLR interferes with GDB's ability to set breakpoints. A similar issue holds true when compiling with -O2 (in which case single-stepping is messed up because GDB cannot map the code back to the original source code properly). Therefore we simply enable ASLR only when an optimization flag is present in the CFLAGS, using it as an indicator that the developer does not want to debug in GDB anyway. Signed-off-by: İsmail Dönmez <ismail@i10z.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--config.mak.uname6
1 files changed, 6 insertions, 0 deletions
diff --git a/config.mak.uname b/config.mak.uname
index 01b390c043..6f92f4746e 100644
--- a/config.mak.uname
+++ b/config.mak.uname
@@ -575,6 +575,12 @@ else
ifneq ($(shell expr "$(uname_R)" : '1\.'),2)
# MSys2
prefix = /usr/
+ # Enable DEP
+ BASIC_LDFLAGS += -Wl,--nxcompat
+ # Enable ASLR (unless debugging)
+ ifneq (,$(findstring -O,$(filter-out -O0 -Og,$(CFLAGS))))
+ BASIC_LDFLAGS += -Wl,--dynamicbase
+ endif
ifeq (MINGW32,$(MSYSTEM))
prefix = /mingw32
HOST_CPU = i686