Mail Archives: cygwin/2020/03/02/23:54:14

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2020/03/02/23:54:14

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:references:in-reply-to:from:date

:message-id:subject:to:content-type; q=dns; s=default; b=G44Z9SR

e8L1+Z7RZjeWi/rLow/PfZz7HmsiX8vqnLHDbP/3k6JCXTS7Myu3G8ZQMzyLpNg/

1Bkf81U+BVnY1obllmUroy9yHD/pMs+juwSqeoWoXCrYv2jimE4jxa04AzTMT1GY

7XFGKnPcF/+Cg3F9Iw3xTlJdpdbsbK8XBjEE=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:references:in-reply-to:from:date

:message-id:subject:to:content-type; s=default; bh=coBa91NVdknFQ

4KGRiwvqZYP9Bs=; b=xKYisiBVoX9ti2ujxy/rcjx+0T50+rxGu5VsRr1nRBdCV

PMW8Z6SR+43X0CNw4+DWQQpMod+j+pHywrlx/z3J0cQA5j+n5HI0MRUMbSwVMvtd

rSgdCR94P77a81gC3+Eyxn4mBiLGizFf9sC/33a3OEKwBY/7rhKg9rVe27r0Vs=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=triggers, selbie, H*i:sk:CAJn6YF, H*f:sk:CAJn6YF

X-HELO: mail-ed1-f52.google.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=JqoXyH0YEGyGJG/2MgDF/SjxKyPCs+/ox+6j63AXgis=; b=akfOMYb5EhbrTlqrpPhpDDaHbroEJOaJ2b6maVR5GzGuUo6xKUcoYSK/g4TnQ5gfOV TAqbWLcOUVEjdzl7SAZ/SIpGhgIE67qdTSdxGkHGmrKV7Pk0P4tY8VIOOXnC/K+wORwi //8ruF8JSjsnzZlam0pZ3ZLsTEnmGxPUq5x4djpYt+ODoK1qALRRYjGyU1f1G4MRuoHZ t8zLR7ofc8tQS33+N4EgBNGKUsshMxPUYsWoPlPaaZSjDyzKb4VkJT9aC28SIzf6esr9 YJXBOS+SgywmEDhAqQ5DG9BHn+rmk18B/FBKkYaYg24HYEu9Y9aPVI94J3b7ncIVBo+n Ri2A==

MIME-Version: 1.0

References: <CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg AT mail DOT gmail DOT com>

In-Reply-To: <CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg@mail.gmail.com>

From: John Selbie <jselbie AT gmail DOT com>

Date: Mon, 2 Mar 2020 20:53:06 -0800

Message-ID: <CAJn6YFBcmnkZ_hGY_OJPguT+m-4UG_2oTCuMCPTD2GVW3JFbDg@mail.gmail.com>

Subject: Re: ASLR revisited

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

And I just discovered that recompiling with this added to the g++ command
line:

 -Xlinker --dynamicbase

Seems to work. Or at the least, triggers the process to show up in Process
Explorer as ASLR?

Good idea to continue with this?



On Mon, Mar 2, 2020 at 8:26 PM John Selbie <jselbie AT gmail DOT com> wrote:

> For my open source project, I publish source code for Unix written in C++.
> And as a convenience, I publish Win32 binaries compiled with Cygwin's g++
> build. I bundled the compiled EXE along with the dependent Cygwin DLLs
> (cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).
>
> Someone rang me up today and said, "We're about to go live with your
> pre-compiled binaries for Windows, but our compliance testing detected your
> code isn't using ASLR (Address Space Layout Randomization).  Can you fix?"
>
> A quick internet search reveals that Cygwin has a compatibility issue with
> ASRL. Process Explorer from sysinternals.com reveals that the process
> runs without ASLR.
>
> I tried using the Windows 10 Exploit Protection Panel - and specifying an
> exception for this executable to have mandatory ASLR. That results in the
> code no longer running.  Although the alternate option of "Botton-up ASLR"
> did allow the code to run, but Process Explorer still doesn't show it
> running with ASLR.
>
> Is there a workaround for allowing Cygwin code to have ASLR?  I don't need
> the fork() function.
>
> Thanks,
> jrs
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=G44Z9SR
	e8L1+Z7RZjeWi/rLow/PfZz7HmsiX8vqnLHDbP/3k6JCXTS7Myu3G8ZQMzyLpNg/
	1Bkf81U+BVnY1obllmUroy9yHD/pMs+juwSqeoWoXCrYv2jimE4jxa04AzTMT1GY
	7XFGKnPcF/+Cg3F9Iw3xTlJdpdbsbK8XBjEE=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=coBa91NVdknFQ
	4KGRiwvqZYP9Bs=; b=xKYisiBVoX9ti2ujxy/rcjx+0T50+rxGu5VsRr1nRBdCV
	PMW8Z6SR+43X0CNw4+DWQQpMod+j+pHywrlx/z3J0cQA5j+n5HI0MRUMbSwVMvtd
	rSgdCR94P77a81gC3+Eyxn4mBiLGizFf9sC/33a3OEKwBY/7rhKg9rVe27r0Vs=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=triggers, selbie, Hi:sk:CAJn6YF, Hf:sk:CAJn6YF
X-HELO:	mail-ed1-f52.google.com
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=JqoXyH0YEGyGJG/2MgDF/SjxKyPCs+/ox+6j63AXgis=; b=akfOMYb5EhbrTlqrpPhpDDaHbroEJOaJ2b6maVR5GzGuUo6xKUcoYSK/g4TnQ5gfOV TAqbWLcOUVEjdzl7SAZ/SIpGhgIE67qdTSdxGkHGmrKV7Pk0P4tY8VIOOXnC/K+wORwi //8ruF8JSjsnzZlam0pZ3ZLsTEnmGxPUq5x4djpYt+ODoK1qALRRYjGyU1f1G4MRuoHZ t8zLR7ofc8tQS33+N4EgBNGKUsshMxPUYsWoPlPaaZSjDyzKb4VkJT9aC28SIzf6esr9 YJXBOS+SgywmEDhAqQ5DG9BHn+rmk18B/FBKkYaYg24HYEu9Y9aPVI94J3b7ncIVBo+n Ri2A==
MIME-Version:	1.0
References:	<CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg AT mail DOT gmail DOT com>
In-Reply-To:	<CAJn6YFB_qVF-fNpX_CiWhnigaKMWJo-sOWM5C0ZJ89Ez1hvcBg@mail.gmail.com>
From:	John Selbie <jselbie AT gmail DOT com>
Date:	Mon, 2 Mar 2020 20:53:06 -0800
Message-ID:	<CAJn6YFBcmnkZ_hGY_OJPguT+m-4UG_2oTCuMCPTD2GVW3JFbDg@mail.gmail.com>
Subject:	Re: ASLR revisited
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes