Enable Data Execution Protection and Address Space Layout Randomization on Windows #134
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This supersedes #48 |
35 tasks
|
/submit |
|
Submitted as [email protected] |
![gitgitgadget[bot]](https://avatars.githubusercontent.com/in/12836?s=60&v=4){kind=small}
This is the first step for enabling ASLR (Address Space Layout Randomization) support. We want to enable ASLR for better protection against exploiting security holes in Git: it makes it harder to attack software by making code addresses unpredictable. The problem fixed by this commit is that `ld.exe` seems to be stripping relocations which in turn will break ASLR support. We just make sure it's not stripping the main executable entry. Signed-off-by: İsmail Dönmez <[email protected]> Signed-off-by: Johannes Schindelin <[email protected]>
Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) support. This applies to both 32bit and 64bit builds and makes it substantially harder to exploit security holes in Git by offering a much more unpredictable attack surface. ASLR interferes with GDB's ability to set breakpoints. A similar issue holds true when compiling with -O2 (in which case single-stepping is messed up because GDB cannot map the code back to the original source code properly). Therefore we simply enable ASLR only when an optimization flag is present in the CFLAGS, using it as an indicator that the developer does not want to debug in GDB anyway. Signed-off-by: İsmail Dönmez <[email protected]> Signed-off-by: Johannes Schindelin <[email protected]>
|
/submit |
|
Submitted as [email protected] |
|
This branch is now known as |
|
This patch series was integrated into pu via git@8a59c5f. |
|
This patch series was integrated into pu via git@d69114e. |
|
This patch series was integrated into next via git@33d5706. |
|
This patch series was integrated into pu via git@b56da75. |
|
This patch series was integrated into pu via git@9e8d424. |
|
This patch series was integrated into pu via git@f42bee7. |
|
This patch series was integrated into next via git@f42bee7. |
|
This patch series was integrated into master via git@f42bee7. |
|
Closed via f42bee7. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These two techniques make it harder to come up with exploits, by reducing what is commonly called the "attack surface" in security circles: by making the addresses less predictable, and by making it harder to inject data that is then (mis-)interpreted as code, this hardens Git's executables on Windows.
These patches have been carried in Git for Windows for over 3 years, and should therefore be considered battle-tested.
Changes since v1:
-O0and-Ogare explicitly ignored.