Web lists-archives.com

Re: [PATCH 2/2] mingw: enable DEP and ASLR




[had to add Dscho as recipient manually, mind you]

Am 29.04.19 um 23:56 schrieb İsmail Dönmez via GitGitGadget:
> From: =?UTF-8?q?=C4=B0smail=20D=C3=B6nmez?= <ismail@xxxxxxxx>
> 
> Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout
> Randomization) support. This applies to both 32bit and 64bit builds
> and makes it substantially harder to exploit security holes in Git by
> offering a much more unpredictable attack surface.
> 
> ASLR interferes with GDB's ability to set breakpoints. A similar issue
> holds true when compiling with -O2 (in which case single-stepping is
> messed up because GDB cannot map the code back to the original source
> code properly). Therefore we simply enable ASLR only when an
> optimization flag is present in the CFLAGS, using it as an indicator
> that the developer does not want to debug in GDB anyway.
> 
> Signed-off-by: İsmail Dönmez <ismail@xxxxxxxx>
> Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
> ---
>  config.mak.uname | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/config.mak.uname b/config.mak.uname
> index e7c7d14e5f..a9edcc5f0b 100644
> --- a/config.mak.uname
> +++ b/config.mak.uname
> @@ -570,6 +570,12 @@ else
>  	ifeq ($(shell expr "$(uname_R)" : '2\.'),2)
>  		# MSys2
>  		prefix = /usr/
> +		# Enable DEP
> +		BASIC_LDFLAGS += -Wl,--nxcompat
> +		# Enable ASLR (unless debugging)
> +		ifneq (,$(findstring -O,$(CFLAGS)))
> +			BASIC_LDFLAGS += -Wl,--dynamicbase
> +		endif
>  		ifeq (MINGW32,$(MSYSTEM))
>  			prefix = /mingw32
>  			HOST_CPU = i686
> 

I'm a bit concerned that this breaks my debug sessions where I use -O0.
But I'll test without -O0 before I really complain.

-- Hannes