-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add DEP, ASLR and HE-ASLR support. #612
Conversation
Please rework your commit messages. |
This is the first step for enabling ASLR (Address Space Layout Randomization) support. The problem is ld.exe seems to be stripping relocations which in turn will break ASLR support. We just make sure its not stripping the main executable entry. Signed-off-by: İsmail Dönmez <[email protected]>
Enable DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) support. This applies to both 32bit and 64bit builds. Signed-off-by: İsmail Dönmez <[email protected]>
For 64bit builds we can go ahead and enable High Entropy ASLR which will provide better protection. Signed-off-by: İsmail Dönmez <[email protected]>
@rimrul Thanks for the heads up, I reworked commit messages. |
@ismail thanks for doing this. Unfortunately, I get an access violation ("segmentation fault") immediately upon starting |
Turns out that reverting the ASLR^2 patch fixes that segmentation fault... |
@dscho that is probably because DLLs need some other start address (image base), is there some ldflags variable only used for DLLs? |
@ismail Please note that I only recompiled Git, not that library... So I fear we will have to do without ASLR^2, at least for now. In related news, I did revert the last commit of this PR locally and the test suite passes so far (it is almost 50% through, but this is my slow VM because I develop two other things on my main development machine, so both SDKs (and the full CPU) are used to the max). Looking good! |
Good enough, we can work on ASLR^2 later on :) |
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <[email protected]>
Thanks! |
You are very welcome. :) |
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <[email protected]>
See git-for-windows/git#612 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of git-for-windows#612 that does not break Git ;-) This fixes git-for-windows#608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
Address Space Layout Randomization (ASLR) allows executables' memory layout to change at random between runs, and therefore offers a quite decent protection against many attacks. We enable ASLR because MSYS2's C compiler offers support for ASLR, and whatever performance impact it has is neglible, according to https://insights.sei.cmu.edu/cert/2014/02/differences-between-aslr-on-windows-and-linux.html This merges the part of #612 that does not break Git ;-) This fixes #608 Signed-off-by: Johannes Schindelin <[email protected]>
This should fix #608 but I cannot test it.