Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit afb45637 authored by Joshua J. Drake's avatar Joshua J. Drake Committed by Nick Kralevich
Browse files

Enable NX protections 

Add -Wa,--noexecstack and -Wl,-z,noexecstack as default
flags when compiling host-side applications.  This enables
NX protections, which prevent code from executing on the
stack or heap.  NX protections make exploiting memory
corruption issues more challenging and is an important
security feature.

Change-Id: Iae580abe887e01f9029ec2a4e0fc0aae496724a4
parent d270230f

core/combo/HOST_linux-x86.mk

+4 −4
Original line number Diff line number Diff line
@@ -39,12 +39,12 @@ ifneq ($(strip $(BUILD_HOST_64bit)),) 
# more consistency between the host tools and the target.

# BUILD_HOST_64bit=1 overrides it for tool like emulator

# which can benefit from 64-bit host arch.

HOST_GLOBAL_CFLAGS += -m64

HOST_GLOBAL_LDFLAGS += -m64

HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack

HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack

else

# We expect SSE3 floating point math.

HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32

HOST_GLOBAL_LDFLAGS += -m32

HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32 -Wa,--noexecstack

HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack

endif # BUILD_HOST_64bit



ifneq ($(strip $(BUILD_HOST_static)),)