Linux: Add linker flag for GCC version below 6.0 to improve ASLR security

Reported on https://sourceforge.net/p/veracrypt/discussion/technical/thread/90f967e642 reference: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr script to check: https://github.com/opensrcsec/paxtest/blob/master/contrib/check_align.sh
author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2024-07-05 10:36:04 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2024-07-05 10:36:04 +0200
commit: 1ba6865ea14eb2f6cee1e8846887d64afd029630 (patch)
tree: 9c97892bc5f29af9d1b7e7a8229b284809987a3d /src
parent: d7e442258a87c11ca9930ebd779674f0a27c7709 (diff)
download: VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.tar.gz
VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile
index 5e3c903c..15af9c6c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -219,6 +219,12 @@ ifeq "$(shell uname -s)" "Linux"
 		CXXFLAGS += -std=gnu++14
 	endif
 
+	# Linked in GCC versions below 6 was setting large value for MAXPAGESIZE which is not good for ASLR security
+	# So, we need to manually add the linker flag "-z max-page-size=4096" to set the maximum page size to 4KB
+	# in order to improve ASLR security. Starting from GCC 6, the default value of MAXPAGESIZE is 4KB.
+	ifeq ($(shell expr $(GCC_VERSION) \< 600), 1)
+		LFLAGS += -Wl,-z,max-page-size=4096
+	endif
 	
 	ifeq "$(SIMD_SUPPORTED)" "1"
 		CFLAGS += -msse2
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2024-07-05 10:36:04 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2024-07-05 10:36:04 +0200
commit	1ba6865ea14eb2f6cee1e8846887d64afd029630 (patch)
tree	9c97892bc5f29af9d1b7e7a8229b284809987a3d /src
parent	d7e442258a87c11ca9930ebd779674f0a27c7709 (diff)
download	VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.tar.gz VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.zip