Enable NX protections Add -Wa,--noexecstack and -Wl,-z,noexecstack as default flags when compiling applications. This enables NX protections, which prevent code from executing on the stack or heap. NX protections can block a large number of buffer overflow attacks, and is an important security feature. Change-Id: Iad4bab9f8664584ba6ce832a5318d07680d7a908

commit: 2915cc3e323a9bf86e1a20b201ceb4e9529bc5a2 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed May 05 11:09:52 2010 -0700
committer: Nick Kralevich <nnk@google.com> Wed May 05 11:09:52 2010 -0700
tree: 8d9150d4be3e0aacba7888ad6928f966c4b96586
parent: ac06ea783bd5acf6ba2dcda0b62cb55c74cca196 [diff]
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index 27e04ce..2bc91c9 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk

@@ -97,12 +97,14 @@
 			-ffunction-sections \
 			-funwind-tables \
 			-fstack-protector \
+			-Wa,--noexecstack \
 			-fno-short-enums \
 			$(arch_variant_cflags) \
 			-include $(android_config_h) \
 			-I $(arch_include_dir)
 
 TARGET_GLOBAL_LDFLAGS += \
+			-Wl,-z,noexecstack \
 			$(arch_variant_ldflags)
 
 # We only need thumb interworking in cases where thumb support
commit	2915cc3e323a9bf86e1a20b201ceb4e9529bc5a2	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed May 05 11:09:52 2010 -0700
committer	Nick Kralevich <nnk@google.com>	Wed May 05 11:09:52 2010 -0700
tree	8d9150d4be3e0aacba7888ad6928f966c4b96586
parent	ac06ea783bd5acf6ba2dcda0b62cb55c74cca196 [diff]