[vlc-devel] commit: Win32: Add an option to set the DEP and ASLR flags for all binaries . (Geoffroy Couprie )

git version control git at videolan.org
Thu Sep 17 13:01:55 CEST 2009 

vlc | branch: master | Geoffroy Couprie <geal at videolan.org> | Thu Sep 17 12:51:26 2009 +0200| [60aa14b737e0f00d34c5785b7e7c62557dd7a10d] | committer: Geoffroy Couprie 

Win32: Add an option to set the DEP and ASLR flags for all binaries.
This option will make it much harder to exploit vulnerabilities on Vista and Seven

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=60aa14b737e0f00d34c5785b7e7c62557dd7a10d
---

 Makefile.am  |    7 +++++++
 configure.ac |   10 ++++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 43186dd..e85fd4a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -766,6 +766,13 @@ package-win32-base-debug: package-win-common
 # Contrib *.dll's
 	cp $(srcdir)/extras/contrib/lib/*.dll "vlc-$(VERSION)/" || true
 
+#Enable DEP and ASLR for all the binaries
+if USE_PEFLAGS
+	find $(win32_destdir) -type f -name '*.dll' -print -o -name '*.exe' -print | while read i; do \
+	$(PEFLAGS) --dynamicbase=true --nxcompat=true "$$i" ; \
+	done
+endif
+
 # Copy the lua scripts (HTTP)
 if BUILD_LUA
 	mkdir -p "$(win32_lua_destdir)/http/images"
diff --git a/configure.ac b/configure.ac
index 6497708..87b9fa7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -355,6 +355,16 @@ case "${host_os}" in
         VLC_ADD_LIBS([cdda vcdx cddax sdl_image aout_sdl vout_sdl],[-lwinmm])
         VLC_ADD_LIBS([access_http access_mms access_udp access_tcp access_ftp access_rtmp access_output_udp access_output_shout access_output_rtmp sap slp http stream_out_standard stream_out_rtp stream_out_raop vod_rtsp access_realrtsp rtp telnet rc netsync gnutls growl_udp flac ts audioscrobbler lua remoteosd zvbi],[-lws2_32])
         VLC_ADD_LIBS([access_file], [-lshlwapi])
+        dnl
+        dnl DEP and ASLR options
+        dnl
+        AC_ARG_ENABLE(peflags,
+          [  --enable-peflags          peflags use (default enabled)])
+        if test "${enable_peflags}" != "no"
+        then
+          AC_CHECK_TOOL(PEFLAGS, peflags, :)
+        fi
+        AM_CONDITIONAL(USE_PEFLAGS, [test "${enable_peflags}" = "yes"])
     fi
     if test "${SYS}" = "mingwce"; then
         # add ws2 for closesocket, select, recv

More information about the vlc-devel mailing list