From 2915cc3e323a9bf86e1a20b201ceb4e9529bc5a2 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 5 May 2010 11:09:52 -0700
Subject: [PATCH] Enable NX protections

Add -Wa,--noexecstack and -Wl,-z,noexecstack as default
flags when compiling applications.  This enables NX
protections, which prevent code from executing on the
stack or heap.  NX protections can block a large number
of buffer overflow attacks, and is an important security
feature.

Change-Id: Iad4bab9f8664584ba6ce832a5318d07680d7a908
---
 core/combo/TARGET_linux-arm.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index 27e04ce49..2bc91c98e 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk
@@ -97,12 +97,14 @@ TARGET_GLOBAL_CFLAGS += \
 			-ffunction-sections \
 			-funwind-tables \
 			-fstack-protector \
+			-Wa,--noexecstack \
 			-fno-short-enums \
 			$(arch_variant_cflags) \
 			-include $(android_config_h) \
 			-I $(arch_include_dir)
 
 TARGET_GLOBAL_LDFLAGS += \
+			-Wl,-z,noexecstack \
 			$(arch_variant_ldflags)
 
 # We only need thumb interworking in cases where thumb support