From 191f646295bf8d5a0751994f7cab194a391c3e12 Mon Sep 17 00:00:00 2001 From: Pirama Arumuga Nainar Date: Thu, 30 Aug 2018 12:37:56 -0700 Subject: Use Windows security mitigation features: ASLR, DEP Bug: https://issuetracker.google.com/36952278 Bug: http://b/113171785 From https://android-review.googlesource.com/c/platform/system/core/+/737292: The --dynamicbase linker flag enables use of Address Space Layout Randomization (ASLR) on Windows Vista and newer. It causes the code segment / module to be loaded at unpredictable addresses to make exploits harder to construct. The --nxcompat linker flag enables use of Data Execution Protection (DEP) on Windows XP SP2 and newer. It causes the process to be killed if the process tries to execute code on memory pages not marked executable. This makes exploits harder to construct because the stack is then not executable, other data pages aren't, etc. These bits are already set on AdbWinApi.dll and AdbWinUsbApi.dll. --high-entropy-va provides improved ASLR. Credit: Spencer Low for doing the initial work at https://android-review.googlesource.com/c/platform/system/core/+/737292. Test: Verify that DLLCharacteristics reported by 'objdump -x' is: 0x140 for 32-bit and 0x160 for 64-bit. Also verified trivial use cases under Wine. Change-Id: I1b898cd36c7c627916dae9ce7dfd1c27de1e3c59 --- cc/config/x86_windows_host.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cc/config/x86_windows_host.go b/cc/config/x86_windows_host.go index 4cb8fa47..9003e858 100644 --- a/cc/config/x86_windows_host.go +++ b/cc/config/x86_windows_host.go @@ -62,6 +62,8 @@ var ( windowsLdflags = []string{ "--enable-stdcall-fixup", + "-Wl,--dynamicbase", + "-Wl,--nxcompat", } windowsClangLdflags = append(ClangFilterUnknownCflags(windowsLdflags), []string{}...) windowsClangLldflags = ClangFilterUnknownLldflags(windowsClangLdflags) @@ -96,6 +98,7 @@ var ( "-m64", "-L${WindowsGccRoot}/${WindowsGccTriple}/lib64", "-static-libgcc", + "-Wl,--high-entropy-va", } windowsX8664ClangLdflags = append(ClangFilterUnknownCflags(windowsX8664Ldflags), []string{ "-B${WindowsGccRoot}/${WindowsGccTriple}/bin", -- cgit v1.2.3