3488dc9448bca25f26eafe3e0e041a87f3826b60 |
|
28-May-2012 |
Andrew Hsieh <andrewhsieh@google.com> |
Enable assembler/linker default "-z noexecstack -z relro -z now" for security "--noexecstack" for assembler and "-z noexecstack" for linker enable NX protection against buffer overflow attacks by enabling NX bit on stack and heap. "-z relro -z now" for linker hardens internal data sections after linking against security vulnerabilities due to memory corruption. See http://www.akkadia.org/drepper/nonselsec.pdf (section 6) http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html For those who really needs it, these features can be disabled by 1. Passing "--execstack" to assembler and "-z execstack" to linker to disable NX protection. Passing "-z norelro -z lazy" to linker to disable second protection. 2. In NDK jni/Android.mk, set the following LOCAL_DISABLE_NO_EXECUTE=true: to disable "--noexecstack" and "-z noexecstack" DISABLE_RELRO=true: to disable "-z relro -z now" see $NDK/docs/ANDROID-MK.html for details Change-Id: I5a482001178d5d8140f053712a132865ca2abf66
|