Re: [PATCH 2/2] mingw: enable DEP and ASLR
- Date: Wed, 1 May 2019 16:46:31 -0400
- From: Jeff King <peff@xxxxxxxx>
- Subject: Re: [PATCH 2/2] mingw: enable DEP and ASLR
On Tue, Apr 30, 2019 at 06:41:29PM -0400, Johannes Schindelin wrote:
> > I'm a bit concerned that this breaks my debug sessions where I use -O0.
> > But I'll test without -O0 before I really complain.
> Weird. Jameson Miller also mentioned this very concern in an internal
> I guess I'll do something like
> ifneq (,$(findstring -O,$(filter-out -O0,$(CFLAGS))))
> Does that work for you?
I wonder if this points to this patch touching the wrong level. These
compiler flags are a thing that _some_ builds want (i.e., production
builds where people care most about security and not about debugging),
but not necessarily all.
I'd have expected this to be tweakable by a Makefile knob (either a
specific knob, or just the caller setting the right CFLAGS etc), and
then for the builds of Git for Windows to turn those knobs when making a
package to distribute.
Our internal package builds at GitHub all have this in their config.mak
(for Linux, of course):
CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
CFLAGS += -fstack-protector-strong
CFLAGS += -fpie
LDFLAGS += -z relro -z now
LDFLAGS += -pie
and I wouldn't be surprised if other binary distributors (like the
Debian package) do something similar.