Adding extra cflags for libgit2sharp binaries #164
Comments
|
We just compile libgit2 directly from the repo here to create the binaries for LibGit2Sharp to use. This all sounds like something you'd want to ask about in the libgit2 repo itself: https://github.com/libgit2/libgit2/issues |
|
Thanks for the quick reply let me close and create a new issue on libgit. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am inquiring whether the libgit2sharp native binaries for Linux and macOS are compiled with specific security flags that may differ with the flags on libgit 2 and if not and whether anyone would know why these flags may not be currently supported. Finally might there be a contribution guide to help contribute these changes without causing any regression? I would be happy to help create a pr to get these in
Flags:
-gdwarf-5to ensure that debugging dwarf version used is 5 for mac binaries.-Wl,-z,nowto ensure some relocation data is marked as read-only after the executable is loaded.-D_FORTIFY_SOURCE=2when optimization level 2 is enabled (-O2) some light reading on this shows that it can cause some regressions, Is this the reason it is not used as libgit2 seems to have -o2 as one of the default flags.--fstack-protector-strongor--fstack-protector-allto prevent stack-based buffer overflows I can see that the DEP flags are set so maybe this may not be needed.The reason I have this query is because BinSkim flags the 1.8.4 release (probably older ones as well) for the following rules.
BinSkim Rules:
Rule BA3004.GenerateRequiredSymbolFormat
Rule BA3011.EnableBindNow
.datasection in memory.Rule BA3030.UseGccCheckedFunctions
Rule BA3003.EnableStackProtector
I will appreciate any assistance on these.
The text was updated successfully, but these errors were encountered: