-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting HighEntropyVACheck on dotnet core generated assembly #101
Comments
Hey Travis: Sorry about the slow reply here--I'll need to validate something about HighEntropyVA with someone before I can say it definitely doesn't apply for an ILOnly assembly. (This is edited--I originally said this was not the case, and was filtered out, but I was recalling a different check.) However, as I understand it, the .net core Self Contained Deployments use something similar to NGEN, which means you're actually producing a native executable. This is definitely the case on Linux, where you get ELF executables. As I'd expect, too, the CLR headers aren't present on pwsh.exe--if you run dumpbin /clrheader pwsh.exe, you only get: Dump of file pwsh.exe File Type: EXECUTABLE IMAGE Summary
Whereas on a .NET assembly, you'd get CLR header options (incl. ILOnly, as below), as you see with dumpbin /clrheader BinSkim.exe (output is similar for a .NET core framework dependent compilation, as well): Dump of file binskim.exe FileType: EXECUTABLE IMAGE clr Header:
Summary
You may want to reach out to the .NET Core folks to check about the details of self contained deployments vs. framework dependent ones. Thanks, |
After going back over some things--it also does look like /highentropyva does apply to ILOnly assemblies, at least on Windows. |
This issue was filed: |
I don't think this is a binskim issue. Closing. |
We are getting
HighEntropyVACheck
on a dotnet core generated assembly defined by this csprojhttps://github.com/PowerShell/PowerShell/blob/master/src/powershell-win-core/powershell-win-core.csproj
I don't think this is valid, for a dotnet assembly.
Build instructions are here: https://github.com/PowerShell/PowerShell/blob/master/docs/building/windows-core.md
The text was updated successfully, but these errors were encountered: