Enable NX protections

Add -Wa,--noexecstack and -Wl,-z,noexecstack as default
flags when compiling host-side applications.  This enables
NX protections, which prevent code from executing on the
stack or heap.  NX protections make exploiting memory
corruption issues more challenging and is an important
security feature.

Change-Id: Iae580abe887e01f9029ec2a4e0fc0aae496724a4
diff --git a/core/combo/HOST_linux-x86.mk b/core/combo/HOST_linux-x86.mk
index c6a155a..578cd42 100644
--- a/core/combo/HOST_linux-x86.mk
+++ b/core/combo/HOST_linux-x86.mk
@@ -39,12 +39,12 @@
 # more consistency between the host tools and the target.
 # BUILD_HOST_64bit=1 overrides it for tool like emulator
 # which can benefit from 64-bit host arch.
-HOST_GLOBAL_CFLAGS += -m64
-HOST_GLOBAL_LDFLAGS += -m64
+HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack
+HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack
 else
 # We expect SSE3 floating point math.
-HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32
-HOST_GLOBAL_LDFLAGS += -m32
+HOST_GLOBAL_CFLAGS += -mstackrealign -msse3 -mfpmath=sse -m32 -Wa,--noexecstack
+HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack
 endif # BUILD_HOST_64bit
 
 ifneq ($(strip $(BUILD_HOST_static)),)