mingw: enable GCC's stack smashing protector #215
To reduce Git for Windows' attack surface, we started using the Address Space Layout Randomization and Data Execution Prevention features in ce6a158 (mingw: enable DEP and ASLR, 2019-05-08).

To remove yet another attack vector, let's make use of gcc's stack smashing protector that helps detect stack buffer overruns early.

Rather than using -fstack-protector, we use -fstack-protector-strong because on Windows: The latter appears to strike a better balance between the performance impact and the provided safety.

In a non-scientific test (time git log --grep=is -p), best of 5 timings went from 23.009s to 22.997s, i.e. the performance impact was *well* lost in the noise.

This fixes git-for-windows#501

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
3960633 to af1ac3b
/submit
Submitted as pull.215.git.gitgitgadget@gmail.com
This branch is now known as
This patch series was integrated into pu via git@d03c197.
This patch series was integrated into pu via git@0e500ae.
This patch series was integrated into pu via git@463f88e.
This patch series was integrated into pu via git@57b2633.
This patch series was integrated into pu via git@5429324.
This patch series was integrated into pu via git@dff734e.
Found multiple candidates in gitster/git: Using the first one.
This branch is now known as
This patch series was integrated into pu via git@0620380.
This patch series was integrated into next via git@7e3185f.
Found multiple candidates in gitster/git: Using the first one.
Found multiple candidates in gitster/git: Using the first one.
This patch series was integrated into pu via git@a286f37.
Found multiple candidates in gitster/git: Using the first one.
This patch series was integrated into pu via git@dec0eb3.
This patch series was integrated into pu via git@2155c19.
This patch series was integrated into pu via git@32749c3.
This patch series was integrated into next via git@32749c3.
This patch series was integrated into master via git@32749c3.
Closed via 32749c3.
Recently, I managed to upstream the Data Execution Prevention/Address Space Layout Randomization patches of Git for Windows. Now it is time to add to that by also enabling GCC's augmenting feature which reduces the attack surface even further.