git.exe doesn't seem to be ASLR/DEP enabled.

[ismail]

Using the test program from https://github.com/ismail/randomworks/blob/master/windows/checksec.cpp

λ checksec.exe bin/git.exe
64-bit binary
Large address aware: Yes
ASLR: No
ASLR^2: No
DEP: No
TS Aware: No
/GS: No

Only tested the portable binary. I am afraid something has gone wrong. can you check the build log to see if ldflags are properly applied?

[dscho]

I get this:

./checksec.exe /c/Program\ Files/Git/mingw64/bin/git.exe
64-bit binary
Large address aware: Yes
ASLR: Yes
ASLR^2: No
DEP: Yes
TS Aware: No
/GS: No

Please note that I inspected /mingw64/bin/git.exe, not /bin/git.exe.

The latter is actually just a redirector (which we call "git-wrapper"). And yes, it is apparently not compiled with the correct flags. Let me check that.

[ismail]

Indeed, /mingw64/bin/git.exe is fine. Sorry for the hassle and thanks for getting this out.

[dscho]

@ismail Ah, I see you closed it already. These two commits were still needed to address the issue pointed out by you, though ;-)

[ismail]

Aha! I am happy the bug report was not for nothing :)

[dscho]

@ismail your report was definitely not for nothing. First of all, you already contributed actual code, which counts quite a bit in my book.

Second: you raised a valid concern, and even if I would not have changed the Git wrapper, just having this ticket with the discussion on record is worth it.

And lastly, you provided this neat little program to check whether ASLR/DEP are enabled. For future self's benefit, I will reproduce it here:

// Original code belongs to Raymond Chen
// See https://blogs.msdn.microsoft.com/oldnewthing/20150518-00/?p=45581

#pragma comment(lib, "dbghelp.lib")

#include <windows.h>
#include <imagehlp.h>
#include <stdio.h> // horrors! mixing stdio and C++!
#include <stddef.h>

#define nullptr NULL

class MappedImage
{
    public:
        bool MapImage(const char* fileName);
        void ProcessResults();
        ~MappedImage();

    private:
        WORD GetCharacteristics();

        template<typename T>
            WORD GetDllCharacteristics();

        template<typename T>
            bool HasSecurityCookie();

    private:
        HANDLE file_ = INVALID_HANDLE_VALUE;
        HANDLE mapping_ = nullptr;
        void *imageBase_ = nullptr;
        IMAGE_NT_HEADERS* headers_ = nullptr;
        int bitness_ = 0;
};

bool MappedImage::MapImage(const char* fileName)
{
    file_ = CreateFile(fileName, GENERIC_READ,
            FILE_SHARE_READ,
            NULL,
            OPEN_EXISTING,
            0,
            NULL);
    if (file_ == INVALID_HANDLE_VALUE) return false;

    mapping_ = CreateFileMapping(file_, NULL, PAGE_READONLY,
            0, 0, NULL);
    if (!mapping_) return false;

    imageBase_ = MapViewOfFile(mapping_, FILE_MAP_READ, 0, 0, 0);
    if (!imageBase_) return false;

    headers_ = ImageNtHeader(imageBase_);
    if (!headers_) return false;
    if (headers_->Signature != IMAGE_NT_SIGNATURE) return false;

    switch (headers_->OptionalHeader.Magic) {
        case IMAGE_NT_OPTIONAL_HDR32_MAGIC: bitness_ = 32; break;
        case IMAGE_NT_OPTIONAL_HDR64_MAGIC: bitness_ = 64; break;
        default: return false;
    }

    return true;
}

MappedImage::~MappedImage()
{
    if (imageBase_) UnmapViewOfFile(imageBase_);
    if (mapping_) CloseHandle(mapping_);
    if (file_ != INVALID_HANDLE_VALUE) CloseHandle(file_);
}

WORD MappedImage::GetCharacteristics()
{
    return headers_->FileHeader.Characteristics;
}

    template<typename T>
WORD MappedImage::GetDllCharacteristics()
{
    return reinterpret_cast<T*>(headers_)->
        OptionalHeader.DllCharacteristics;
}

    template<typename T>
bool MappedImage::HasSecurityCookie()
{
    ULONG size;
    T *data = static_cast<T*>(ImageDirectoryEntryToDataEx(
                imageBase_, TRUE, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
                &size, NULL));
    if (!data) return false;
    ULONG minSize = offsetof(T, SecurityCookie) +
        sizeof(data->SecurityCookie);
    if (size < minSize) return false;
    if (data->Size < minSize) return false;
    return data->SecurityCookie != 0;
}

void MappedImage::ProcessResults()
{
    printf("%d-bit binary\n", bitness_);
    auto Characteristics = GetCharacteristics();
    printf("Large address aware: %s\n",
            (Characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE)
            ? "Yes" : "No");

    auto DllCharacteristics = bitness_ == 32
        ? GetDllCharacteristics<IMAGE_NT_HEADERS32>()
        : GetDllCharacteristics<IMAGE_NT_HEADERS64>();

    printf("ASLR: %s\n",
            (DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
            ? "Yes" : "No");
    printf("ASLR^2: %s\n",
            (DllCharacteristics & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)
            ? "Yes" : "No");
    printf("DEP: %s\n",
            (DllCharacteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
            ? "Yes" : "No");
    printf("TS Aware: %s\n",
            (DllCharacteristics & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
            ? "Yes" : "No");

    bool hasSecurityCookie =
        bitness_ == 32 ? HasSecurityCookie<IMAGE_LOAD_CONFIG_DIRECTORY32>()
        : HasSecurityCookie<IMAGE_LOAD_CONFIG_DIRECTORY64>();
    printf("/GS: %s\n", hasSecurityCookie
            ? "Yes" : "No");
}

int __cdecl main(int argc, char**argv)
{
    MappedImage mappedImage;
    if (mappedImage.MapImage(argv[1])) {
        mappedImage.ProcessResults();
    }
    return 0;
}

Compile it within Git for Windows' SDK using g++ -o check-sec.exe check-sec.cc -ldbghelp et voilà, you have an excellent executable to verify ASLR/DEP presence.