delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2020/03/02/23:27:08

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:from:date:message-id:subject:to
:content-type; q=dns; s=default; b=iBy4M5Lfhcc5Mqk0C7iq5vGrjg5YX
84Y/ocSHleLXwbh0GV+USg+YeahZES30v5XvXnkvrZ3qhybkdpSAoMj7MUrGB6Ed
fjdpaddZv4lZwj8PticA24JLGLLvFaKTcU3zssq20PBUHCcIbb9BoA8yWfBv39Uz
BnYf7Qo+m/7Aew=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:from:date:message-id:subject:to
:content-type; s=default; bh=OoLmmVEOUSxKcYIrHOxv5f4WYbs=; b=T81
M2DVZuSGRrxN4f57CjjUl/hqJwMswVJyojoStLffV4UO9rEwTdvItBYnWiBNXRRj
Wb1b3YDzV9lTxDkSuq4Eg3E+VjBQ3nHThjMq/Jo2o+CUIUooQGmPsTctuJgywozy
hRVwzG0Qj8JF0IHiJN5bMjDxeargTufGQYU9gE3Q=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=explorer, Explorer, Panel, reveals
X-HELO: mail-ed1-f48.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=3PTczxCC/lEt3em8bFQN6dJ7sikIsbaAEXHfa0s8GH4=; b=HOsDPPelrHUJH/nKlF8F48jxxIykwBmwtYAO2j/H1pddiRfVp6i66WpVoIHcKOEVT9 4TaAQPzkgodgGt5mQK22zcarPAskhLcZdO5YpSEPEiuTeMTO2rfbti+DSc8+lr0ffXxL e8PEZNquXRiUKZ6Bd4V4R6Kawl5tcb2uoVzuZGqo+qsWTnQQSWuJwkE+GWRBqLSWHFUG shL5966eVioR+EDK51sN2ZYG/fA/dyQCCUJRsqTD/7p49cXuBPiJonfpNebYCkjvf77O LpQPhXsWlB0fWJv40E4aOFdl+SQsvGl8HPRCgjFxRFApMrkzDv6xpnWStm/pnON0JE1C voCg==
MIME-Version: 1.0
From: John Selbie <jselbie AT gmail DOT com>
Date: Mon, 2 Mar 2020 20:26:00 -0800
Message-ID: <CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg@mail.gmail.com>
Subject: ASLR revisited
To: cygwin AT cygwin DOT com
X-IsSubscribed: yes 

For my open source project, I publish source code for Unix written in C++.
And as a convenience, I publish Win32 binaries compiled with Cygwin's g++
build. I bundled the compiled EXE along with the dependent Cygwin DLLs
(cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).

Someone rang me up today and said, "We're about to go live with your
pre-compiled binaries for Windows, but our compliance testing detected your
code isn't using ASLR (Address Space Layout Randomization).  Can you fix?"

A quick internet search reveals that Cygwin has a compatibility issue with
ASRL. Process Explorer from sysinternals.com reveals that the process runs
without ASLR.

I tried using the Windows 10 Exploit Protection Panel - and specifying an
exception for this executable to have mandatory ASLR. That results in the
code no longer running.  Although the alternate option of "Botton-up ASLR"
did allow the code to run, but Process Explorer still doesn't show it
running with ASLR.

Is there a workaround for allowing Cygwin code to have ASLR?  I don't need
the fork() function.

Thanks,
jrs

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019