Enable NX protections
Add -Wa,--noexecstack and -Wl,-z,noexecstack as default flags when compiling applications. This enables NX protections, which prevent code from executing on the stack or heap. NX protections can block a large number of buffer overflow attacks, and is an important security feature. Change-Id: Iad4bab9f8664584ba6ce832a5318d07680d7a908
This commit is contained in:
Nick Kralevich
parent
ac06ea783b
commit
2915cc3e32
1 changed files with 2 additions and 0 deletions
|
|
@ -97,12 +97,14 @@ TARGET_GLOBAL_CFLAGS += \
|
|||
-ffunction-sections \
|
||||
-funwind-tables \
|
||||
-fstack-protector \
|
||||
-Wa,--noexecstack \
|
||||
-fno-short-enums \
|
||||
$(arch_variant_cflags) \
|
||||
-include $(android_config_h) \
|
||||
-I $(arch_include_dir)
|
||||
|
||||
TARGET_GLOBAL_LDFLAGS += \
|
||||
-Wl,-z,noexecstack \
|
||||
$(arch_variant_ldflags)
|
||||
|
||||
# We only need thumb interworking in cases where thumb support
|
||||
|
|
|
|||
Loading…
Reference in a new issue