New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use ASLR on Windows #16514

Open
thestinger opened this Issue Aug 15, 2014 · 6 comments

Comments

Projects
None yet
4 participants
@thestinger
Contributor

thestinger commented Aug 15, 2014

This should be as simple as passing --dynamicbase to the linker for both libraries and executables. However, the necessary relocations are never generated by MinGW or MinGW-w64 for executables so nothing is actually randomized without also passing --export-all-symbols. The -pie switch is also broken and results in a messed up entry point, but it may not actually be required.

@thestinger thestinger changed the title from use full ASLR on Windows to use ASLR on Windows Aug 16, 2014

@thestinger thestinger self-assigned this Aug 19, 2014

@bors bors closed this in #16588 Aug 19, 2014

mrmonday added a commit to mrmonday/rust that referenced this issue Aug 25, 2014

@postessive

This comment has been minimized.

Show comment
Hide comment
@postessive

postessive Aug 27, 2014

Hi,

I found this issue while looking for an old reference, but I thought you might be interested in a possible fix. We needed --dynamic-base for Tor's hardening options and after some back and forth settled on a working binutils patch which is here (works for 2.24 and is being submitted upstream shortly):

https://gitweb.torproject.org/user/erinn/tor-browser-bundle.git/commitdiff/631b64262ea66f9529a2ef552734a88d7171a594

This patch has not been reviewed at all, since no one at Tor feels sufficiently capable. Hopefully the binutils folks will have something to say, but as language developers you might too. (edit: fix link to patch)

Hi,

I found this issue while looking for an old reference, but I thought you might be interested in a possible fix. We needed --dynamic-base for Tor's hardening options and after some back and forth settled on a working binutils patch which is here (works for 2.24 and is being submitted upstream shortly):

https://gitweb.torproject.org/user/erinn/tor-browser-bundle.git/commitdiff/631b64262ea66f9529a2ef552734a88d7171a594

This patch has not been reviewed at all, since no one at Tor feels sufficiently capable. Hopefully the binutils folks will have something to say, but as language developers you might too. (edit: fix link to patch)

@thestinger

This comment has been minimized.

Show comment
Hide comment
@thestinger

thestinger Aug 28, 2014

Contributor

@postessive: We ended up working around it for the time being by doing a dllexport of main in order to force it to output a relocation section, since the executable counts as a library. I would really like to have this fixed properly though so I'll look into it some more when I have time.

Contributor

thestinger commented Aug 28, 2014

@postessive: We ended up working around it for the time being by doing a dllexport of main in order to force it to output a relocation section, since the executable counts as a library. I would really like to have this fixed properly though so I'll look into it some more when I have time.

@thestinger

This comment has been minimized.

Show comment
Hide comment
@thestinger

thestinger Oct 1, 2014

Contributor

Needs to be disabled again due to #17684.

Contributor

thestinger commented Oct 1, 2014

Needs to be disabled again due to #17684.

@klutzy

This comment has been minimized.

Show comment
Hide comment
@klutzy

klutzy Feb 14, 2015

Contributor

Note that recent binutils may have support for high entropy ASLR. (The patch was accepted last year. See #16593) It would be good to check if mingw-w64 would contain the patch when we re-enable ASLR.

Contributor

klutzy commented Feb 14, 2015

Note that recent binutils may have support for high entropy ASLR. (The patch was accepted last year. See #16593) It would be good to check if mingw-w64 would contain the patch when we re-enable ASLR.

@kostix kostix referenced this issue in git-for-windows/git Jan 15, 2016

Closed

ASLR not enabled for Git for Windows executables #608

@steveklabnik

This comment has been minimized.

Show comment
Hide comment
@steveklabnik

steveklabnik Mar 4, 2016

Member

Triage: not sure if anything has changed here, but I don't think so.

Member

steveklabnik commented Mar 4, 2016

Triage: not sure if anything has changed here, but I don't think so.

@steveklabnik steveklabnik added O-windows-gnu and removed O-windows labels Mar 4, 2016

@retep998 retep998 referenced this issue in rust-lang/rust-www Jun 18, 2016

Closed

Recommendation of Windows ABI #341

@retep998 retep998 referenced this issue in rust-lang/rfcs Jun 26, 2016

Open

Rust, Windows, and MSVC #1061

18 of 47 tasks complete

@Chocobo1 Chocobo1 referenced this issue in OpenVPN/openvpn-gui Jan 18, 2017

Merged

Enable ASLR & DEP #123

@steveklabnik

This comment has been minimized.

Show comment
Hide comment
@steveklabnik

steveklabnik Sep 30, 2017

Member

Triage: same as in 2016

Member

steveklabnik commented Sep 30, 2017

Triage: same as in 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment