ASLR revisited
Andrey Repin
anrdaemon@yandex.ru
Wed Mar 4 23:29:00 GMT 2020
Greetings, John Selbie!
> For my open source project, I publish source code for Unix written in C++.
> And as a convenience, I publish Win32 binaries compiled with Cygwin's g++
> build. I bundled the compiled EXE along with the dependent Cygwin DLLs
> (cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).
> Someone rang me up today and said, "We're about to go live with your
> pre-compiled binaries for Windows, but our compliance testing detected your
> code isn't using ASLR (Address Space Layout Randomization). Can you fix?"
> A quick internet search reveals that Cygwin has a compatibility issue with
> ASRL. Process Explorer from sysinternals.com reveals that the process runs
> without ASLR.
As far as I recall, POSIX forking semantics are incompatible with ASLR.
So, if my memory serves me well, the answer is "don't do that, your
application will break badly."
> Is there a workaround for allowing Cygwin code to have ASLR? I don't need
> the fork() function.
Build your application for native API. That's the only right answer.
--
With best regards,
Andrey Repin
Wednesday, March 4, 2020 22:09:21
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list