VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-07-05 10:36:04 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-07-05 10:36:04 +0200
commit1ba6865ea14eb2f6cee1e8846887d64afd029630 (patch)
tree9c97892bc5f29af9d1b7e7a8229b284809987a3d
parentd7e442258a87c11ca9930ebd779674f0a27c7709 (diff)
downloadVeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.tar.gz
VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.zip
Linux: Add linker flag for GCC version below 6.0 to improve ASLR security
Reported on https://sourceforge.net/p/veracrypt/discussion/technical/thread/90f967e642 reference: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr script to check: https://github.com/opensrcsec/paxtest/blob/master/contrib/check_align.sh
-rw-r--r--src/Makefile6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile
index 5e3c903c..15af9c6c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -219,6 +219,12 @@ ifeq "$(shell uname -s)" "Linux"
CXXFLAGS += -std=gnu++14
endif
+ # Linked in GCC versions below 6 was setting large value for MAXPAGESIZE which is not good for ASLR security
+ # So, we need to manually add the linker flag "-z max-page-size=4096" to set the maximum page size to 4KB
+ # in order to improve ASLR security. Starting from GCC 6, the default value of MAXPAGESIZE is 4KB.
+ ifeq ($(shell expr $(GCC_VERSION) \< 600), 1)
+ LFLAGS += -Wl,-z,max-page-size=4096
+ endif
ifeq "$(SIMD_SUPPORTED)" "1"
CFLAGS += -msse2