mingw: enable stack smashing protector

To reduce Git for Windows' attack surface, we started using the Address Space Layout Randomization and Data Execution Prevention features in ce6a158 (mingw: enable DEP and ASLR, 2019-05-08). To remove yet another attack vector, let's make use of gcc's stack smashing protector that helps detect stack buffer overruns early. Rather than using -fstack-protector, we use -fstack-protector-strong because on Windows: The latter appears to strike a better balance between the performance impact and the provided safety. In a non-scientific test (time git log --grep=is -p), best of 5 timings went from 23.009s to 22.997s, i.e. the performance impact was *well* lost in the noise. This fixes git-for-windows#501 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho · Jun 27, 2019 · af1ac3b · af1ac3b
1 parent aa25c82
commit af1ac3b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/config.mak.uname b/config.mak.uname
@@ -596,7 +596,8 @@ else
 			BASIC_LDFLAGS += -Wl,--large-address-aware
 		endif
 		CC = gcc
-		COMPAT_CFLAGS += -D__USE_MINGW_ANSI_STDIO=0 -DDETECT_MSYS_TTY
+		COMPAT_CFLAGS += -D__USE_MINGW_ANSI_STDIO=0 -DDETECT_MSYS_TTY \
+			-fstack-protector-strong
 		EXTLIBS += -lntdll
 		INSTALL = /bin/install
 		NO_R_TO_GCC_LINKER = YesPlease