On 12/12/22 09:18, Marc-André Lureau wrote:
- # Disable ASLR for debug builds to allow debugging with gdb - if get_option('optimization') == '0' - qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase') - endif + qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')What about the comment for disabling ASLR on debug builds?
The problem with that line is that it _enables_ ASLR for debug builds, and nobody has complained about gdb since last April... And nobody has complained to Debian or other distros that have enabled the flag for years now.
I'll clarify the commit message.
I wonder if we really have to add those flags ourself. Imho, we can leave them to the compiler default or distrib.. I bet most of the deps don't use those flags explicitly either.
I think so, at least Firefox does. In general QEMU tries to do more build-time hardening than the average pacakge.
Paolo
