ASLR revisited
John Selbie
jselbie@gmail.com
Tue Mar 3 04:26:00 GMT 2020
For my open source project, I publish source code for Unix written in C++.
And as a convenience, I publish Win32 binaries compiled with Cygwin's g++
build. I bundled the compiled EXE along with the dependent Cygwin DLLs
(cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).
Someone rang me up today and said, "We're about to go live with your
pre-compiled binaries for Windows, but our compliance testing detected your
code isn't using ASLR (Address Space Layout Randomization). Can you fix?"
A quick internet search reveals that Cygwin has a compatibility issue with
ASRL. Process Explorer from sysinternals.com reveals that the process runs
without ASLR.
I tried using the Windows 10 Exploit Protection Panel - and specifying an
exception for this executable to have mandatory ASLR. That results in the
code no longer running. Although the alternate option of "Botton-up ASLR"
did allow the code to run, but Process Explorer still doesn't show it
running with ASLR.
Is there a workaround for allowing Cygwin code to have ASLR? I don't need
the fork() function.
Thanks,
jrs
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list