[had to add Dscho as recipient manually, mind you] Am 29.04.19 um 23:56 schrieb İsmail Dönmez via GitGitGadget: > From: =?UTF-8?q?=C4=B0smail=20D=C3=B6nmez?= <ism...@i10z.com> > > Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout > Randomization) support. This applies to both 32bit and 64bit builds > and makes it substantially harder to exploit security holes in Git by > offering a much more unpredictable attack surface. > > ASLR interferes with GDB's ability to set breakpoints. A similar issue > holds true when compiling with -O2 (in which case single-stepping is > messed up because GDB cannot map the code back to the original source > code properly). Therefore we simply enable ASLR only when an > optimization flag is present in the CFLAGS, using it as an indicator > that the developer does not want to debug in GDB anyway. > > Signed-off-by: İsmail Dönmez <ism...@i10z.com> > Signed-off-by: Johannes Schindelin <johannes.schinde...@gmx.de> > --- > config.mak.uname | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/config.mak.uname b/config.mak.uname > index e7c7d14e5f..a9edcc5f0b 100644 > --- a/config.mak.uname > +++ b/config.mak.uname > @@ -570,6 +570,12 @@ else > ifeq ($(shell expr "$(uname_R)" : '2\.'),2) > # MSys2 > prefix = /usr/ > + # Enable DEP > + BASIC_LDFLAGS += -Wl,--nxcompat > + # Enable ASLR (unless debugging) > + ifneq (,$(findstring -O,$(CFLAGS))) > + BASIC_LDFLAGS += -Wl,--dynamicbase > + endif > ifeq (MINGW32,$(MSYSTEM)) > prefix = /mingw32 > HOST_CPU = i686 >
I'm a bit concerned that this breaks my debug sessions where I use -O0. But I'll test without -O0 before I really complain. -- Hannes
