GoogleGit

commitafb45637b2581be3501e520477b6b264fb2fed9e[log][tgz]
authorJoshua J. Drake <android-open-source@qoop.org>Thu Dec 12 00:41:38 2013 -0600
committerNick Kralevich <nnk@google.com>Thu Dec 12 10:47:08 2013 -0800
treef1dcb3f5971e525a3c624292ddf77130bc67b076
parentd270230fa49311901d8797a9e77865c37857d028[diff]
Enable NX protections

Add -Wa,--noexecstack and -Wl,-z,noexecstack as default
flags when compiling host-side applications.  This enables
NX protections, which prevent code from executing on the
stack or heap.  NX protections make exploiting memory
corruption issues more challenging and is an important
security feature.

Change-Id: Iae580abe887e01f9029ec2a4e0fc0aae496724a4
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk
index c6a155a..578cd42 100644
--- a/core/combo/HOST_linux-x86.mk
+++ b/core/combo/HOST_linux-x86.mk
@@ -39,12 +39,12 @@
 # more consistency between the host tools and the target.
 # BUILD_HOST_64bit=1 overrides it for tool like emulator
 # which can benefit from 64-bit host arch.
-HOST_GLOBAL_CFLAGS += -m64
-HOST_GLOBAL_LDFLAGS += -m64
+HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack
+HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack
 else
 # We expect SSE3 floating point math.
-HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32
-HOST_GLOBAL_LDFLAGS += -m32
+HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32 -Wa,--noexecstack
+HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack
 endif # BUILD_HOST_64bit
 
 ifneq ($(strip $(BUILD_HOST_static)),)