[PATCH] add support for high entropy ASLR on Windows

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

* [PATCH] add support for high entropy ASLR on Windows
@ 2014-08-19 22:07 Daniel Micay
  2014-08-20 15:13 ` Nicholas Clifton
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel Micay @ 2014-08-19 22:07 UTC (permalink / raw)
  To: binutils; +Cc: Daniel Micay

Enabling the HIGH_ENTROPY_VA flag allows the operating system to use
addresses outside of the 32-bit range before memory exhaustion. This
results in a higher entropy implementation of ASLR when used with the
DYNAMIC_BASE flag.

2014-08-19  Daniel Micay  <danielmicay@gmail.com>

	* include/coff/pe.h: Add HIGH_ENTROPY_VA flag
	* ld/emultempl/pep.em: Add --high-entropy-va switch
	* ld/ld.texinfo: Document the --high-entropy-va switch
---
 include/coff/pe.h   | 1 +
 ld/emultempl/pep.em | 7 +++++++
 ld/ld.texinfo       | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/include/coff/pe.h b/include/coff/pe.h
index 0ed9dde..5ffa7c0 100644
--- a/include/coff/pe.h
+++ b/include/coff/pe.h
@@ -40,6 +40,7 @@
 
 /* DllCharacteristics flag bits.  The inconsistent naming may seem
    odd, but that is how they are defined in the PE specification.  */
+#define IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA       0x0020
 #define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE          0x0040
 #define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY       0x0080
 #define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT             0x0100
diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
index 916a786..6d56bc3 100644
--- a/ld/emultempl/pep.em
+++ b/ld/emultempl/pep.em
@@ -237,6 +237,7 @@ enum options
   OPTION_LEADING_UNDERSCORE,
   OPTION_ENABLE_LONG_SECTION_NAMES,
   OPTION_DISABLE_LONG_SECTION_NAMES,
+  OPTION_HIGH_ENTROPY_VA,
   OPTION_DYNAMIC_BASE,
   OPTION_FORCE_INTEGRITY,
   OPTION_NX_COMPAT,
@@ -314,6 +315,7 @@ gld${EMULATION_NAME}_add_options
 #endif
     {"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
     {"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
+    {"high-entropy-va", no_argument, NULL, OPTION_HIGH_ENTROPY_VA},
     {"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
     {"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
     {"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
@@ -450,6 +452,8 @@ gld_${EMULATION_NAME}_list_options (FILE *file)
                                        executable image files\n"));
   fprintf (file, _("  --disable-long-section-names       Never use long COFF section names, even\n\
                                        in object files\n"));
+  fprintf (file, _("  --high-entropy-va                  Image is compatible with 64-bit address space\n\
+                                       layout randomization (ASLR)\n"));
   fprintf (file, _("  --dynamicbase			 Image base address may be relocated using\n\
 				       address space layout randomization (ASLR)\n"));
   fprintf (file, _("  --forceinteg		 Code integrity checks are enforced\n"));
@@ -804,6 +808,9 @@ gld${EMULATION_NAME}_handle_option (int optc)
       pep_use_coff_long_section_names = 0;
       break;
     /*  Get DLLCharacteristics bits  */
+    case OPTION_HIGH_ENTROPY_VA:
+      pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA;
+      break;
     case OPTION_DYNAMIC_BASE:
       pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
       break;
diff --git a/ld/ld.texinfo b/ld/ld.texinfo
index 718a7d0..350a48b 100644
--- a/ld/ld.texinfo
+++ b/ld/ld.texinfo
@@ -2655,6 +2655,10 @@ The following options set flags in the @code{DllCharacteristics} field
 of the PE file header:
 [These options are specific to PE targeted ports of the linker]
 
+@kindex --high-entropy-va
+@item --high-entropy-va
+Image is compatible with 64-bit address space layout randomization (ASLR).
+
 @kindex --dynamicbase
 @item --dynamicbase
 The image base address may be relocated using address space layout
-- 
2.0.4

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] add support for high entropy ASLR on Windows
  2014-08-19 22:07 [PATCH] add support for high entropy ASLR on Windows Daniel Micay
@ 2014-08-20 15:13 ` Nicholas Clifton
  0 siblings, 0 replies; 2+ messages in thread
From: Nicholas Clifton @ 2014-08-20 15:13 UTC (permalink / raw)
  To: Daniel Micay, binutils

Hi Daniel,

> Enabling the HIGH_ENTROPY_VA flag allows the operating system to use
> addresses outside of the 32-bit range before memory exhaustion. This
> results in a higher entropy implementation of ASLR when used with the
> DYNAMIC_BASE flag.

Approved and applied.

Cheers
   Nick

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-08-20 15:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-19 22:07 [PATCH] add support for high entropy ASLR on Windows Daniel Micay
2014-08-20 15:13 ` Nicholas Clifton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).