Add DEP, ASLR and HE-ASLR support. #612
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Please rework your commit messages. |
This is the first step for enabling ASLR (Address Space Layout Randomization) support. The problem is ld.exe seems to be stripping relocations which in turn will break ASLR support. We just make sure its not stripping the main executable entry. Signed-off-by: İsmail Dönmez <ismail@i10z.com>
Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) support. This applies to both 32bit and 64bit builds. Signed-off-by: İsmail Dönmez <ismail@i10z.com>
For 64bit builds we can go ahead and enable High Entropy ASLR which will provide better protection. Signed-off-by: İsmail Dönmez <ismail@i10z.com>
|
@rimrul Thanks for the heads up, I reworked commit messages. |
|
@ismail thanks for doing this. Unfortunately, I get an access violation ("segmentation fault") immediately upon starting |
|
Turns out that reverting the ASLR^2 patch fixes that segmentation fault... |
|
@dscho that is probably because DLLs need some other start address (image base), is there some ldflags variable only used for DLLs? |
|
@ismail Please note that I only recompiled Git, not that library... So I fear we will have to do without ASLR^2, at least for now. In related news, I did revert the last commit of this PR locally and the test suite passes so far (it is almost 50% through, but this is my slow VM because I develop two other things on my main development machine, so both SDKs (and the full CPU) are used to the max). Looking good! |
|
Good enough, we can work on ASLR^2 later on :) |
dscho
added a commit
to dscho/git
that referenced
this pull request
Jan 21, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
Thanks! |
|
You are very welcome. :) |
dscho
added a commit
to dscho/git
that referenced
this pull request
Jan 23, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
to git-for-windows/build-extra
that referenced
this pull request
Jan 27, 2016
See git-for-windows/git#612 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Jan 28, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Feb 6, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Feb 23, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Mar 15, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Mar 18, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Mar 29, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Apr 4, 2016
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 8, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 8, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 9, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 9, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 9, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 9, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 10, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 13, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
to dscho/git
that referenced
this pull request
May 13, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
to dscho/git
that referenced
this pull request
May 13, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows-ci
pushed a commit
that referenced
this pull request
May 14, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 14, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 21, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 22, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
May 25, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Jun 4, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
added a commit
that referenced
this pull request
Jun 8, 2019
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This should fix #608 but I cannot test it.