From 6a237925bf101a410763233c36d853624b950aa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=B0smail=20D=C3=B6nmez?=
Date: Sat, 16 Jan 2016 18:59:31 +0200
Subject: [PATCH 1/3] Don't let ld strip relocations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is the first step for enabling ASLR (Address Space Layout Randomization) support. The problem is ld.exe seems to be stripping relocations which in turn will break ASLR support. We just make sure its not stripping the main executable entry.

Signed-off-by: İsmail Dönmez
---
 config.mak.uname | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config.mak.uname b/config.mak.uname
index 6fe6723480fc49..22f437b27f4176 100644
--- a/config.mak.uname
+++ b/config.mak.uname
@@ -544,9 +544,11 @@ else
 prefix = /usr/
 ifeq (MINGW32,$(MSYSTEM))
 prefix = /mingw32
+ BASIC_LDFLAGS += -Wl,--pic-executable,-e,_mainCRTStartup
 endif
 ifeq (MINGW64,$(MSYSTEM))
 prefix = /mingw64
+ BASIC_LDFLAGS += -Wl,--pic-executable,-e,mainCRTStartup
 else
 COMPAT_CFLAGS += -D_USE_32BIT_TIME_T
 BASIC_LDFLAGS += -Wl,--large-address-aware
From 78dcc804dfbf86a1f7cb020f9c68dd8229f35e79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=B0smail=20D=C3=B6nmez?=
Date: Sat, 16 Jan 2016 19:09:34 +0200
Subject: [PATCH 2/3] Enable DEP and ASLR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) support. This applies to both 32bit and 64bit builds.

Signed-off-by: İsmail Dönmez
---
 config.mak.uname | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config.mak.uname b/config.mak.uname
index 22f437b27f4176..989644217b52ef 100644
--- a/config.mak.uname
+++ b/config.mak.uname
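Review bot: In the `@@ -544,9 +544,11 @@` hunk of PATCH 1/3, both added lines force the entry symbol (`-e,_mainCRTStartup` and `-e,mainCRTStartup`) through `BASIC_LDFLAGS`, so every link that picks up that variable is pinned to the console CRT startup routine. If anything built with these flags expects a different startup symbol (a GUI-subsystem or wide-character entry point, or a DLL), it would presumably be linked with the wrong entry point or fail to link; which targets consume `BASIC_LDFLAGS` is not visible in this hunk, so that needs confirming against the main Makefile. Neither line carries a comment and the reason exists only in the commit message; I would add `# Keep relocations so the loader can rebase the image (ASLR); -e names the console CRT entry point` above each. The enclosing `ifeq` block starts and ends outside the hunk.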
@@ -542,6 +542,10 @@ else
 ifeq ($(shell expr "$(uname_R)" : '2\.'),2)
 # MSys2
 prefix = /usr/
+ # Enable DEP
+ BASIC_LDFLAGS += -Wl,--nxcompat
+ # Enable ASLR
+ BASIC_LDFLAGS += -Wl,--dynamicbase
 ifeq (MINGW32,$(MSYSTEM))
 prefix = /mingw32
 BASIC_LDFLAGS += -Wl,--pic-executable,-e,_mainCRTStartup
From 64e7910dea133c7241e6bb27da09321365973716 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=B0smail=20D=C3=B6nmez?=
Date: Sat, 16 Jan 2016 19:10:02 +0200
Subject: [PATCH 3/3] Enable High Entropy ASLR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For 64bit builds we can go ahead and enable High Entropy ASLR which will provide better protection.

Signed-off-by: İsmail Dönmez
---
 config.mak.uname | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config.mak.uname b/config.mak.uname
index 989644217b52ef..916c593f457b4f 100644
--- a/config.mak.uname
+++ b/config.mak.uname
@@ -552,7 +552,12 @@ else
 endif
 ifeq (MINGW64,$(MSYSTEM))
 prefix = /mingw64
+ # Don't let ld strip relocations
 BASIC_LDFLAGS += -Wl,--pic-executable,-e,mainCRTStartup
+ # Enable ASLR^2 aka High-Entropy ASLR
+ BASIC_LDFLAGS += -Wl,--high-entropy-va
+ # Set image base >4GB for extra entropy with High Entropy ASLR
+ BASIC_LDFLAGS += -Wl,--image-base,0x140000000
 else
 COMPAT_CFLAGS += -D_USE_32BIT_TIME_T
 BASIC_LDFLAGS += -Wl,--large-address-aware
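Review bot: In the `@@ -542,6 +542,10 @@` hunk of PATCH 2/3, `--dynamicbase` is added at the MSys2 level, but the `--pic-executable` lines that keep relocations live only inside the `ifeq (MINGW32,...)` and `ifeq (MINGW64,...)` blocks. For any other `MSYSTEM` value the image would be marked ASLR-capable while ld may still strip `.reloc`, which by the PATCH 1/3 description leaves ASLR ineffective. Either move the two flags next to the `--pic-executable` lines or record the dependency in the comment, e.g. `# Enable ASLR (only effective together with --pic-executable below)`. A post-link check such as `objdump -p <built-binary>.exe` (inspect `DllCharacteristics`) plus `objdump -h` (confirm a `.reloc` section) would catch a silent regression. The enclosing conditional extends beyond the hunk.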
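Review bot: In the `@@ -552,7 +552,12 @@` hunk of PATCH 3/3, `-Wl,--high-entropy-va` is appended unconditionally for MINGW64, with no probe that the installed ld accepts it. A linker that does not know the option would presumably abort every link, turning the hardening into a build break on older toolchains; a guarded append (test-link once with the flag and add it only on success) avoids that, or the comment should state the minimum binutils requirement. The `--image-base,0x140000000` line is only useful together with that flag and should sit under the same guard. The comment wording `ASLR^2` is informal; `# Enable high-entropy (64-bit) ASLR` reads more clearly.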