From 1ba6865ea14eb2f6cee1e8846887d64afd029630 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Fri, 5 Jul 2024 10:36:04 +0200
Subject: Linux: Add linker flag for GCC version below 6.0 to improve ASLR
 security

Reported on https://sourceforge.net/p/veracrypt/discussion/technical/thread/90f967e642
reference: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
script to check: https://github.com/opensrcsec/paxtest/blob/master/contrib/check_align.sh
---
 src/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/Makefile b/src/Makefile
index 5e3c903c..15af9c6c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -219,6 +219,12 @@ ifeq "$(shell uname -s)" "Linux"
 		CXXFLAGS += -std=gnu++14
 	endif
 
+	# Linked in GCC versions below 6 was setting large value for MAXPAGESIZE which is not good for ASLR security
+	# So, we need to manually add the linker flag "-z max-page-size=4096" to set the maximum page size to 4KB
+	# in order to improve ASLR security. Starting from GCC 6, the default value of MAXPAGESIZE is 4KB.
+	ifeq ($(shell expr $(GCC_VERSION) \< 600), 1)
+		LFLAGS += -Wl,-z,max-page-size=4096
+	endif
 	
 	ifeq "$(SIMD_SUPPORTED)" "1"
 		CFLAGS += -msse2
-- 
cgit v1.2.3