Re: ASLR revisited - John Selbie

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: John Selbie <jselbie@gmail.com>
To: cygwin@cygwin.com
Subject: Re: ASLR revisited
Date: Tue, 03 Mar 2020 04:53:00 -0000	[thread overview]
Message-ID: <CAJn6YFBcmnkZ_hGY_OJPguT+m-4UG_2oTCuMCPTD2GVW3JFbDg@mail.gmail.com> (raw)
In-Reply-To: <CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg@mail.gmail.com>

And I just discovered that recompiling with this added to the g++ command
line:

 -Xlinker --dynamicbase

Seems to work. Or at the least, triggers the process to show up in Process
Explorer as ASLR?

Good idea to continue with this?



On Mon, Mar 2, 2020 at 8:26 PM John Selbie <jselbie@gmail.com> wrote:

> For my open source project, I publish source code for Unix written in C++.
> And as a convenience, I publish Win32 binaries compiled with Cygwin's g++
> build. I bundled the compiled EXE along with the dependent Cygwin DLLs
> (cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).
>
> Someone rang me up today and said, "We're about to go live with your
> pre-compiled binaries for Windows, but our compliance testing detected your
> code isn't using ASLR (Address Space Layout Randomization).  Can you fix?"
>
> A quick internet search reveals that Cygwin has a compatibility issue with
> ASRL. Process Explorer from sysinternals.com reveals that the process
> runs without ASLR.
>
> I tried using the Windows 10 Exploit Protection Panel - and specifying an
> exception for this executable to have mandatory ASLR. That results in the
> code no longer running.  Although the alternate option of "Botton-up ASLR"
> did allow the code to run, but Process Explorer still doesn't show it
> running with ASLR.
>
> Is there a workaround for allowing Cygwin code to have ASLR?  I don't need
> the fork() function.
>
> Thanks,
> jrs
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

next prev parent reply	other threads:[~2020-03-03  4:53 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-03  4:26 John Selbie
2020-03-03  4:53 ` John Selbie [this message]
2020-03-03  6:17   ` Lee
2020-03-04 23:29 ` Andrey Repin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAJn6YFBcmnkZ_hGY_OJPguT+m-4UG_2oTCuMCPTD2GVW3JFbDg@mail.gmail.com \
    --to=jselbie@gmail.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).