PIE allows an application to utilize the full benefits of ASLR to prevent itself from exploitations, but it was disabled for all released versions of Electron (3.0 and prior). Currently, PIE is already enabled since 9294fac but enabling it for all released version is still an ongoing work (#14961). This patch backports PIE to the 3.0.x branch. Signed-off-by: Tom Li <tomli@tomli.me>
This commit is contained in:
#DeleteGithub
Samuel Attard
parent
f6b7f547bb
commit
70d4644742
3 changed files with 14 additions and 0 deletions
|
|
@ -84,6 +84,8 @@
|
|||
},
|
||||
'cflags': [
|
||||
'<!@(<(pkg-config) --cflags <(linux_system_libraries))',
|
||||
# Needed for PIE
|
||||
'-fPIC',
|
||||
],
|
||||
'direct_dependent_settings': {
|
||||
'cflags': [
|
||||
|
|
|
|||
|
|
@ -263,6 +263,7 @@
|
|||
['OS=="linux"', {
|
||||
'cflags': [
|
||||
'-Wno-empty-body',
|
||||
'-fPIC',
|
||||
],
|
||||
}], # OS=="linux"
|
||||
['OS=="win"', {
|
||||
|
|
|
|||
11
electron.gyp
11
electron.gyp
|
|
@ -253,6 +253,16 @@
|
|||
],
|
||||
},
|
||||
],
|
||||
'link_settings': {
|
||||
'ldflags': [
|
||||
# Build as Position-Independent Executable to mitigate exploitations.
|
||||
'-pie',
|
||||
],
|
||||
},
|
||||
'cflags_cc': [
|
||||
# Needed for PIE
|
||||
'-fPIC',
|
||||
]
|
||||
}], # OS=="linux"
|
||||
],
|
||||
}, # target <(project_name)
|
||||
|
|
@ -441,6 +451,7 @@
|
|||
# Required settings of using breakpad.
|
||||
'cflags_cc': [
|
||||
'-Wno-empty-body',
|
||||
'-fPIC',
|
||||
],
|
||||
'include_dirs': [
|
||||
'vendor/breakpad/src',
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue