From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 66110 invoked by alias); 3 Mar 2020 04:53:22 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 66102 invoked by uid 89); 3 Mar 2020 04:53:21 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=triggers, selbie, H*i:sk:CAJn6YF, H*f:sk:CAJn6YF X-HELO: mail-ed1-f52.google.com Received: from mail-ed1-f52.google.com (HELO mail-ed1-f52.google.com) (209.85.208.52) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 03 Mar 2020 04:53:19 +0000 Received: by mail-ed1-f52.google.com with SMTP id dc19so2632161edb.10 for ; Mon, 02 Mar 2020 20:53:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=JqoXyH0YEGyGJG/2MgDF/SjxKyPCs+/ox+6j63AXgis=; b=akfOMYb5EhbrTlqrpPhpDDaHbroEJOaJ2b6maVR5GzGuUo6xKUcoYSK/g4TnQ5gfOV TAqbWLcOUVEjdzl7SAZ/SIpGhgIE67qdTSdxGkHGmrKV7Pk0P4tY8VIOOXnC/K+wORwi //8ruF8JSjsnzZlam0pZ3ZLsTEnmGxPUq5x4djpYt+ODoK1qALRRYjGyU1f1G4MRuoHZ t8zLR7ofc8tQS33+N4EgBNGKUsshMxPUYsWoPlPaaZSjDyzKb4VkJT9aC28SIzf6esr9 YJXBOS+SgywmEDhAqQ5DG9BHn+rmk18B/FBKkYaYg24HYEu9Y9aPVI94J3b7ncIVBo+n Ri2A== MIME-Version: 1.0 References: In-Reply-To: From: John Selbie Date: Tue, 03 Mar 2020 04:53:00 -0000 Message-ID: Subject: Re: ASLR revisited To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2020-03/txt/msg00031.txt And I just discovered that recompiling with this added to the g++ command line: -Xlinker --dynamicbase Seems to work. Or at the least, triggers the process to show up in Process Explorer as ASLR? Good idea to continue with this? On Mon, Mar 2, 2020 at 8:26 PM John Selbie wrote: > For my open source project, I publish source code for Unix written in C++. > And as a convenience, I publish Win32 binaries compiled with Cygwin's g++ > build. I bundled the compiled EXE along with the dependent Cygwin DLLs > (cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll). > > Someone rang me up today and said, "We're about to go live with your > pre-compiled binaries for Windows, but our compliance testing detected your > code isn't using ASLR (Address Space Layout Randomization). Can you fix?" > > A quick internet search reveals that Cygwin has a compatibility issue with > ASRL. Process Explorer from sysinternals.com reveals that the process > runs without ASLR. > > I tried using the Windows 10 Exploit Protection Panel - and specifying an > exception for this executable to have mandatory ASLR. That results in the > code no longer running. Although the alternate option of "Botton-up ASLR" > did allow the code to run, but Process Explorer still doesn't show it > running with ASLR. > > Is there a workaround for allowing Cygwin code to have ASLR? I don't need > the fork() function. > > Thanks, > jrs > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple