From 1ef324febd501175476be53851fa462ef8d540f2 Mon Sep 17 00:00:00 2001 From: Slawomir Cygan Date: Wed, 14 Jun 2017 19:15:31 +0200 Subject: build: Enable control flow guard on Windows This enables the 'Control Flow Guard' security feature, which prevents memory corruption vulnerabilites by placing a restriction on where application can execute from. The change is applied to both VulkanRT and it's NSIS installer. WARN: This change requires re-patching and rebuillding NSIS with attached patch. WARN#2: This change requires Visual Studion 2015 or vs140 toolset to take effect. Control Flow Guard documentation: https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx Change-Id: I7683c0570087d994961c79fb64419509f83536a8 --- windowsRuntimeInstaller/NSIS_Security.patch | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'windowsRuntimeInstaller/NSIS_Security.patch') diff --git a/windowsRuntimeInstaller/NSIS_Security.patch b/windowsRuntimeInstaller/NSIS_Security.patch index 87bf7e6b..b275aae0 100644 --- a/windowsRuntimeInstaller/NSIS_Security.patch +++ b/windowsRuntimeInstaller/NSIS_Security.patch @@ -20,7 +20,18 @@ index 32d3d33..d2c4d25 100644 defenv.Append(CPPDEFINES = ['_CRT_SECURE_NO_WARNINGS', '_CRT_NONSTDC_NO_WARNINGS', '_CRT_SECURE_NO_DEPRECATE', '_CRT_NON_CONFORMING_SWPRINTFS']) defenv['MSVCRT_FLAG'] = '/MT' # Avoid msvcr?0.dll dependency else: -@@ -143,9 +143,9 @@ stub_env.Append(CCFLAGS = ['/Fa${TARGET}.lst']) # listing file name +@@ -43,6 +43,10 @@ if msvs_version >= 11.0: + defenv['SUBSYS_CON'] = '/subsystem:console,5.01' # support windows xp + defenv['SUBSYS_WIN'] = '/subsystem:windows,5.01' # support windows xp + ++if msvs_version >= 14.0: ++ defenv.Append(CCFLAGS = ['/guard:cf']) ++ defenv.Append(LINKFLAGS = ['/guard:cf']) ++ + ### defines + + defenv.Append(CPPDEFINES = [('NSISCALL', '$STDCALL')]) +@@ -143,9 +147,9 @@ stub_env.Append(CCFLAGS = ['/Fa${TARGET}.lst']) # listing file name stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no default libraries stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file -- cgit v1.2.3