History log of /ndk/build/tools/toolchain-patches/gcc/0009-Enable-assembler-linker-default-for-security.patch
Revision Date Author Comments
3488dc9448bca25f26eafe3e0e041a87f3826b60 28-May-2012 Andrew Hsieh <andrewhsieh@google.com> Enable assembler/linker default "-z noexecstack -z relro -z now" for security

"--noexecstack" for assembler and "-z noexecstack" for linker enable NX
protection against buffer overflow attacks by enabling NX bit on stack and heap.

"-z relro -z now" for linker hardens internal data sections after linking
against security vulnerabilities due to memory corruption. See

http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

For those who really need it, these features can be disabled by
1. Passing "--execstack" to assembler and "-z execstack" to linker to
   disable NX protection.
   Passing "-z norelro -z lazy" to linker to disable second protection.
2. In NDK jni/Android.mk, set the following
     LOCAL_DISABLE_NO_EXECUTE=true: to disable "--noexecstack" and "-z noexecstack"
     DISABLE_RELRO=true: to disable "-z relro -z now"
   see $NDK/docs/ANDROID-MK.html for details

Change-Id: I5a482001178d5d8140f053712a132865ca2abf66
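
One way to confirm that a built binary actually carries the three protections named in this commit, as an added example that is not part of the original commit or the NDK. The names `check_hardening` and `build_sample` are hypothetical, and the sample input is a constructed set of ELF32 headers, not a real binary.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO, PF_X = 2, 0x6474E551, 0x6474E552, 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(elf: bytes) -> dict:
    """Report NX stack, RELRO and BIND_NOW for a little-endian ELF32/ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF file")
    is64 = elf[4] == 2
    phoff, = struct.unpack_from("<Q" if is64 else "<I", elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54 if is64 else 42)
    # Everything starts False: a missing PT_GNU_STACK is treated as not protected.
    result = {"nx_stack": False, "relro": False, "bind_now": False}
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:
            p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", elf, off)
        else:
            p_type, p_offset, _, _, p_filesz, _, p_flags = struct.unpack_from("<7I", elf, off)
        if p_type == PT_GNU_STACK:
            result["nx_stack"] = not (p_flags & PF_X)   # -z noexecstack clears PF_X
        elif p_type == PT_GNU_RELRO:
            result["relro"] = True                      # -z relro emits this segment
        elif p_type == PT_DYNAMIC:
            fmt = "<qQ" if is64 else "<iI"
            for d in range(p_offset, p_offset + p_filesz, struct.calcsize(fmt)):
                tag, val = struct.unpack_from(fmt, elf, d)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    result["bind_now"] = True           # -z now
    return result

def build_sample(stack_flags: int, relro: bool, dt_flags: int) -> bytes:
    """Constructed ELF32 headers only (not a real binary) to exercise the checker."""
    types = [PT_GNU_STACK, PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 52 + 32 * len(types)
    dyn = struct.pack("<iIiI", DT_FLAGS, dt_flags, DT_NULL, 0)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 52, 0, 0, 52, 32, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<8I", t, dyn_off if t == PT_DYNAMIC else 0, 0, 0,
                                 len(dyn) if t == PT_DYNAMIC else 0, 0,
                                 stack_flags if t == PT_GNU_STACK else 4, 4) for t in types)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    print(check_hardening(build_sample(6, True, DF_BIND_NOW)))
```

A result with `relro` true but `bind_now` false corresponds to a binary linked with "-z relro" but without "-z now".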