From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: "Jeff King" <peff@peff.net>, "Johannes Sixt" <j6t@kdbg.org>,
"İsmail Dönmez" <ismail@i10z.com>,
"İsmail Dönmez via GitGitGadget" <gitgitgadget@gmail.com>,
git@vger.kernel.org, "Junio C Hamano" <gitster@pobox.com>
Subject: Re: [PATCH 2/2] mingw: enable DEP and ASLR
Date: Wed, 8 May 2019 13:27:08 +0200 (DST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.1905081319570.44@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <20190501220219.GA42435@google.com>
Hi Jonathan & Peff,
On Wed, 1 May 2019, Jonathan Nieder wrote:
> Jeff King wrote:
>
> > I wonder if this points to this patch touching the wrong level. These
> > compiler flags are a thing that _some_ builds want (i.e., production
> > builds where people care most about security and not about debugging),
> > but not necessarily all.
> >
> > I'd have expected this to be tweakable by a Makefile knob (either a
> > specific knob, or just the caller setting the right CFLAGS etc), and
> > then for the builds of Git for Windows to turn those knobs when making a
> > package to distribute.
> >
> > Our internal package builds at GitHub all have this in their config.mak
> > (for Linux, of course):
> >
> > CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
> > CFLAGS += -fstack-protector-strong
> >
> > CFLAGS += -fpie
> > LDFLAGS += -z relro -z now
> > LDFLAGS += -pie
> >
> > and I wouldn't be surprised if other binary distributors (like the
> > Debian package) do something similar.
>
> Yes, the Debian package uses
>
> CFLAGS := -Wall \
> $(shell dpkg-buildflags --get CFLAGS) \
> $(shell dpkg-buildflags --get CPPFLAGS)
>
> and then passes CFLAGS='$(CFLAGS)' to "make".
>
> That means we're using
>
> -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
> -Wdate-time -D_FORTIFY_SOURCE=2
>
> Dscho's suggestion for the Windows build sounds fine to me (if
> checking for -Og, too). Maybe it would make sense to factor out a
> makefile variable for this, that could be used for builds on other
> platforms, too. That way, the autodetection can be in one place, and
> there is a standard way to override it when the user wants something
> else.
Indeed, if I was to add a generic "are we building for production?"
function, this would be incorrect.
But this is not the case here, we are doing something very specific,
Windows-only here, and for the sole reason to keep debuggability (for
which the presence of the `-g` option indeed would not be a good
indicator: in Git for Windows, we build `.pdb` files so that stackdumps
can be more meaningful, but we do not want to have full debug information
in those executables).
In the long run, I think we need to become more explicit about this, by
adding a "FOR_PRODUCTION" flag. It's really no good if we use
implementation details such as CFLAGS to deduce intent.
That's for another patch series, though, as it is pretty clear-cut here:
If you build with optimization flags using Git for Windows' SDK, you
cannot use gdb for single-stepping, likewise if you use ASLR, so we can
totally piggyback the latter onto the former.
Ciao,
Dscho
next prev parent reply other threads:[~2019-05-08 11:27 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-29 21:56 [PATCH 0/2] Enable Data Execution Protection and Address Space Layout Randomization on Windows Johannes Schindelin via GitGitGadget
2019-04-29 21:56 ` [PATCH 1/2] mingw: do not let ld strip relocations İsmail Dönmez via GitGitGadget
2019-04-29 21:56 ` [PATCH 2/2] mingw: enable DEP and ASLR İsmail Dönmez via GitGitGadget
2019-04-30 6:26 ` Johannes Sixt
2019-04-30 22:41 ` Johannes Schindelin
2019-04-30 22:59 ` Johannes Sixt
2019-05-01 18:39 ` Alban Gruin
2019-05-01 23:36 ` brian m. carlson
2019-05-08 11:33 ` Johannes Schindelin
2019-05-08 11:33 ` Johannes Schindelin
2019-05-01 20:46 ` Jeff King
2019-05-01 22:02 ` Jonathan Nieder
2019-05-08 11:27 ` Johannes Schindelin [this message]
2019-05-08 11:30 ` [PATCH v2 0/2] Enable Data Execution Protection and Address Space Layout Randomization on Windows Johannes Schindelin via GitGitGadget
2019-05-08 11:30 ` [PATCH v2 1/2] mingw: do not let ld strip relocations İsmail Dönmez via GitGitGadget
2019-05-08 11:30 ` [PATCH v2 2/2] mingw: enable DEP and ASLR İsmail Dönmez via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.1905081319570.44@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gitster@pobox.com \
--cc=ismail@i10z.com \
--cc=j6t@kdbg.org \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).