mirror of https://github.com/GrapheneOS/hardened_malloc.git, synced 2025-10-26 14:16:33 +01:00

	override local default to -fstack-protector-strong
This is a no-op on a toolchain compiled with the basic mitigations enabled by default, so this is generally a no-op anywhere this project is likely to be deployed. SSP has a very low performance cost so there's little reason to avoid it, even though it also has zero value for this code in practice. It would be great if one of the more modern approaches was widely adopted, but unfortunately SSP is as good as it gets for portable options. It doesn't provide any protection against external writes to the stack data which is all that's really needed here. ShadowCallStack is a great option for arm64, but it's substantially more difficult to protect return addresses well on x86_64 due to the design of the ISA and ABI.
This commit is contained in:
parent e6ff9c7468
commit 8cd51ca138
1 changed files with 1 additions and 1 deletions

Makefile | 2
							|  | @ -41,7 +41,7 @@ $(shell $(CC) -E $1 - </dev/null >/dev/null 2>&1 && echo $1 || echo $2) | |||
| endef | ||||
| 
 | ||||
| CPPFLAGS := -D_GNU_SOURCE | ||||
| SHARED_FLAGS := -O3 -flto -fPIC -fvisibility=hidden $(call safe_flag,-fno-plt) $(call safe_flag,-fstack-clash-protection) -pipe -Wall -Wextra $(call safe_flag,-Wcast-align=strict) -Wcast-qual -Wwrite-strings | ||||
| SHARED_FLAGS := -O3 -flto -fPIC -fvisibility=hidden $(call safe_flag,-fno-plt) $(call safe_flag,-fstack-clash-protection) -fstack-protector-strong -pipe -Wall -Wextra $(call safe_flag,-Wcast-align=strict) -Wcast-qual -Wwrite-strings | ||||
| 
 | ||||
| ifeq ($(CONFIG_NATIVE),true) | ||||
|     SHARED_FLAGS += -march=native | ||||
|  |  | |||
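Review bot: -fstack-protector-strong is added to SHARED_FLAGS bare, while the optional flags on either side of it (-fno-plt, -fstack-clash-protection, -Wcast-align=strict) go through $(call safe_flag,...), so a compiler that rejects the option now fails the build instead of silently dropping the flag. If that is intended because every supported compiler accepts it, a short Makefile comment saying so would make the asymmetry deliberate; otherwise use $(call safe_flag,-fstack-protector-strong). A comment noting that the flag is there to override a toolchain default without SSP, as the commit message explains, would also keep it from being removed later as redundant.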