diff options
author | İsmail Dönmez <ismail@i10z.com> | 2019-05-08 04:30:59 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-05-13 10:55:20 +0900 |
commit | ce6a158561f906bfd48ab7a9c7a4c48134844e85 (patch) | |
tree | d5635f65ef5101b1df000edf0658dd1e9524f4c6 | |
parent | mingw: do not let ld strip relocations (diff) | |
download | tgif-ce6a158561f906bfd48ab7a9c7a4c48134844e85.tar.xz |
mingw: enable DEP and ASLR
Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout
Randomization) support. This applies to both 32bit and 64bit builds
and makes it substantially harder to exploit security holes in Git by
offering a much more unpredictable attack surface.
ASLR interferes with GDB's ability to set breakpoints. A similar issue
holds true when compiling with -O2 (in which case single-stepping is
messed up because GDB cannot map the code back to the original source
code properly). Therefore we simply enable ASLR only when an
optimization flag is present in the CFLAGS, using it as an indicator
that the developer does not want to debug in GDB anyway.
Signed-off-by: İsmail Dönmez <ismail@i10z.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | config.mak.uname | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/config.mak.uname b/config.mak.uname index 01b390c043..6f92f4746e 100644 --- a/config.mak.uname +++ b/config.mak.uname @@ -575,6 +575,12 @@ else ifneq ($(shell expr "$(uname_R)" : '1\.'),2) # MSys2 prefix = /usr/ + # Enable DEP + BASIC_LDFLAGS += -Wl,--nxcompat + # Enable ASLR (unless debugging) + ifneq (,$(findstring -O,$(filter-out -O0 -Og,$(CFLAGS)))) + BASIC_LDFLAGS += -Wl,--dynamicbase + endif ifeq (MINGW32,$(MSYSTEM)) prefix = /mingw32 HOST_CPU = i686 |