Combability with .NET ReadyToRun and Self-Contained #970
Comments
|
User report that BinSkim BA2021 could have compatibility issue with R2R Linux binaries This issue is created to investigate if below check should be removed/revised // TODO: do we really require this check? What is the proposed fix to this issue?
if (peHeader.SectionAlignment < PAGE_SIZE)
{
// '{0}' has a section alignment ({1}) that is less than its page size ({2}).
context.Logger.Log(this,
RuleUtilities.BuildResult(FailureLevel.Error, context, null,
nameof(RuleResources.BA2021_Error_UnexpectedSectionAligment),
context.CurrentTarget.Uri.GetFileName(),
"0x" + peHeader.SectionAlignment.ToString("x"),
"0x" + PAGE_SIZE.ToString("x")));
return;
}To repro, download official C# extension Linux x64 version from |
|
We also encountered this issue, in binaries compiled for Linux only. |
|
Thanks for adding the feedback. |
|
The layout of R2R assemblies on non-windows is by design. The main issue appears to be that BinSkim rules are Windows specific. Ideally, you want to relax or ignore this rule for non-windows platforms. |
This change skips analysis when it finds non-Windows .NET R2R & NativeAOT PE's. The reason for this is the DoNotMarkWritableSectionsAsExecutable is Windows specific and R2R/NativeAOT do not follow Windows layout rules on non-Windows platforms. Fixes microsoft#970
|
Hey @steveisok, I'm just looking into the PR. Can you also share some additional for |
I made it up to fit the change as it's going to skip scanning when it finds one of these. There wasn't a good already existing message, so I created one. Open to suggestions. |
This just is to note that Binskim combability with .NET ReadyToRun and self-contained could be looked into.
with
p:PublishReadyToRun=trueand--self-containedWith PublishReadyToRun the section alignment changed to 200 from 2000.
Binskim will fail with PublishReadyToRun while pass without.
Not sure if it is a security issue or by design.
full command
"C:\Program Files\dotnet\dotnet.exe" publish C:\Sources\Repos\aaa\aaa.csproj --configuration Debug --output C:\Sources\Repos\aaa\linux-x64\aaa -r linux-x64 p:PublishReadyToRun=true --self-contained --framework net6.0##[error]7. BinSkim Error BA2021 - File: build/linux-x64/aaa/aaa.dll.
Tool: BinSkim: Rule: BA2021 (DoNotMarkWritableSectionsAsExecutable). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2021DoNotMarkWritableSectionsAsExecutable
'aaa.dll' has a section alignment (0x200) that is smaller than its page size (0x1000).
The text was updated successfully, but these errors were encountered: