mingw: enable GCC's stack smashing protector #215

Closed

@dscho dscho commented May 20, 2019

Recently, I managed to upstream the Data Execution Prevention/Address Space Layout Randomization patches of Git for Windows. Now it is time to add to that by also enabling GCC's augmenting feature which reduces the attack surface even further.

@dscho dscho added the ready to submit label May 21, 2019

To reduce Git for Windows' attack surface, we started using the Address
Space Layout Randomization and Data Execution Prevention features in
ce6a158 (mingw: enable DEP and ASLR, 2019-05-08).

To remove yet another attack vector, let's make use of gcc's stack
smashing protector that helps detect stack buffer overruns early.

Rather than using -fstack-protector, we use -fstack-protector-strong
because on Windows: The latter appears to strike a better balance
between the performance impact and the provided safety.

In a non-scientific test (time git log --grep=is -p), best of 5 timings
went from 23.009s to 22.997s, i.e. the performance impact was *well*
lost in the noise.

This fixes git-for-windows#501

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
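
The difference between the two flags named in the commit message above, as an added example that is not part of the pull request: `-fstack-protector` only instruments functions with a `char` buffer of 8 bytes or more (or `alloca`), while `-fstack-protector-strong` also covers any local array and address-taken locals. The script compiles three constructed C functions under each flag and checks the assembly for the canary check; `ssp_probe` and `ssp_report` are hypothetical helper names, and a GCC- or Clang-compatible `cc` is assumed.

```shell
#!/bin/sh
# Added example: which functions get a stack canary under each flag?
# Assumes a GCC- or Clang-compatible compiler in $CC (default: cc).
# The three C functions below are constructed test inputs.
CC=${CC:-cc}

# ssp_probe FLAG FUNC -> prints "protected", "unprotected" or "error"
ssp_probe() {
    flag=$1 func=$2
    case $func in
        char_buf)  body='char b[64]; strcpy(b, s); return b[0];' ;;
        int_array) body='int a[4] = {1, 2, 3, 4}; return a[s[0] & 3];' ;;
        scalars)   body='int n = s[0]; return n + 1;' ;;
        *) echo error; return 2 ;;
    esac
    dir=$(mktemp -d) || { echo error; return 2; }
    printf '#include <string.h>\nint %s(const char *s) { %s }\n' \
        "$func" "$body" > "$dir/t.c"
    # -S stops after code generation; -O0 keeps the locals on the stack.
    if ! "$CC" "$flag" -O0 -S -o "$dir/t.s" "$dir/t.c" 2>/dev/null; then
        rm -rf "$dir"; echo error; return 2
    fi
    # An instrumented function calls __stack_chk_fail if the canary changed.
    if grep -q '__stack_chk' "$dir/t.s"; then
        echo protected
    else
        echo unprotected
    fi
    rm -rf "$dir"
}

# Print one line per flag/function combination.
ssp_report() {
    for flag in -fno-stack-protector -fstack-protector \
                -fstack-protector-strong -fstack-protector-all; do
        for func in char_buf int_array scalars; do
            printf '%-26s %-10s %s\n' "$flag" "$func" \
                "$(ssp_probe "$flag" "$func")"
        done
    done
}

ssp_report
```

The `int_array` row is the one that changes between `-fstack-protector` and `-fstack-protector-strong`; `scalars` is only instrumented by `-fstack-protector-all`.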
@dscho dscho force-pushed the mingw-stack-smashing-protector branch from 3960633 to af1ac3b Compare June 27, 2019 08:34

dscho commented Jun 27, 2019

/submit

gitgitgadget bot commented Jun 27, 2019

Submitted as pull.215.git.gitgitgadget@gmail.com

@dscho dscho removed the ready to submit label Jun 27, 2019

gitgitgadget bot commented Jun 27, 2019

This branch is now known as js/mingw-gcc-stash-protect.

gitgitgadget bot commented Jun 27, 2019

This patch series was integrated into pu via git@d03c197.

@gitgitgadget gitgitgadget bot added the pu label Jun 27, 2019

gitgitgadget bot commented Jun 28, 2019

This patch series was integrated into pu via git@0e500ae.

gitgitgadget bot commented Jun 28, 2019

This patch series was integrated into pu via git@463f88e.

gitgitgadget bot commented Jun 28, 2019

This patch series was integrated into pu via git@57b2633.

gitgitgadget bot commented Jul 1, 2019

This patch series was integrated into pu via git@5429324.

gitgitgadget bot commented Jul 2, 2019

This patch series was integrated into pu via git@dff734e.

gitgitgadget bot commented Jul 3, 2019

Found multiple candidates in gitster/git:
refs/remotes/gitster/js/mingw-gcc-stack-protect
refs/remotes/gitster/js/mingw-gcc-stash-protect;

Using the first one.

gitgitgadget bot commented Jul 3, 2019

This branch is now known as js/mingw-gcc-stack-protect.

gitgitgadget bot commented Jul 3, 2019

This patch series was integrated into pu via git@0620380.

gitgitgadget bot commented Jul 3, 2019

This patch series was integrated into next via git@7e3185f.

@gitgitgadget gitgitgadget bot added the next label Jul 3, 2019

gitgitgadget bot commented Jul 3, 2019

Found multiple candidates in gitster/git:
refs/remotes/gitster/js/mingw-gcc-stack-protect
refs/remotes/gitster/js/mingw-gcc-stash-protect;

Using the first one.

gitgitgadget bot commented Jul 3, 2019

Found multiple candidates in gitster/git:
refs/remotes/gitster/js/mingw-gcc-stack-protect
refs/remotes/gitster/js/mingw-gcc-stash-protect;

Using the first one.

gitgitgadget bot commented Jul 3, 2019

This patch series was integrated into pu via git@a286f37.

gitgitgadget bot commented Jul 3, 2019

Found multiple candidates in gitster/git:
refs/remotes/gitster/js/mingw-gcc-stack-protect
refs/remotes/gitster/js/mingw-gcc-stash-protect;

Using the first one.

gitgitgadget bot commented Jul 9, 2019

This patch series was integrated into pu via git@dec0eb3.

gitgitgadget bot commented Jul 10, 2019

This patch series was integrated into pu via git@2155c19.

gitgitgadget bot commented Jul 12, 2019

This patch series was integrated into pu via git@32749c3.

gitgitgadget bot commented Jul 12, 2019

This patch series was integrated into next via git@32749c3.

gitgitgadget bot commented Jul 12, 2019

This patch series was integrated into master via git@32749c3.

@gitgitgadget gitgitgadget bot added the master label Jul 12, 2019
@gitgitgadget gitgitgadget bot closed this Jul 12, 2019

gitgitgadget bot commented Jul 12, 2019

Closed via 32749c3.

@dscho dscho deleted the mingw-stack-smashing-protector branch July 15, 2019 11:44