diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-07-05 10:36:04 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-07-05 10:36:04 +0200 |
commit | 1ba6865ea14eb2f6cee1e8846887d64afd029630 (patch) | |
tree | 9c97892bc5f29af9d1b7e7a8229b284809987a3d /src | |
parent | d7e442258a87c11ca9930ebd779674f0a27c7709 (diff) | |
download | VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.tar.gz VeraCrypt-1ba6865ea14eb2f6cee1e8846887d64afd029630.zip |
Linux: Add linker flag for GCC version below 6.0 to improve ASLR security
Reported on https://sourceforge.net/p/veracrypt/discussion/technical/thread/90f967e642
reference: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
script to check: https://github.com/opensrcsec/paxtest/blob/master/contrib/check_align.sh
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile index 5e3c903c..15af9c6c 100644 --- a/src/Makefile +++ b/src/Makefile @@ -219,6 +219,12 @@ ifeq "$(shell uname -s)" "Linux" CXXFLAGS += -std=gnu++14 endif + # Linked in GCC versions below 6 was setting large value for MAXPAGESIZE which is not good for ASLR security + # So, we need to manually add the linker flag "-z max-page-size=4096" to set the maximum page size to 4KB + # in order to improve ASLR security. Starting from GCC 6, the default value of MAXPAGESIZE is 4KB. + ifeq ($(shell expr $(GCC_VERSION) \< 600), 1) + LFLAGS += -Wl,-z,max-page-size=4096 + endif ifeq "$(SIMD_SUPPORTED)" "1" CFLAGS += -msse2 |