Patchwork [RFT] mingw32: use ASLR, no-SEH and DEP if available

Submitter Blue Swirl
Date Sept. 14, 2010, 8:15 p.m.
Message ID <AANLkTi=s28zshvd2qC8ysxyOjHCNXkgjSLk=TJyXL4mf@mail.gmail.com>
Permalink /patch/64743/
State New

Comments

Blue Swirl - Sept. 14, 2010, 8:15 p.m.
If the linker supports the flags --dynamicbase, --no-seh,
or --nxcompat, use them.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
--
This may create compatibility problems with XP. Testers wanted.
No change seen with Wine.
---
 configure |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
TeLeMan - Sept. 29, 2010, 2:38 a.m.
GDB can not insert breakpoints on Windows Vista/7 because of the flag
-dynamicbase.
--
SUN OF A BEACH
Blue Swirl - Sept. 29, 2010, 5:04 p.m.
On Wed, Sep 29, 2010 at 2:38 AM, TeLeMan <geleman@gmail.com> wrote:
> GDB can not insert breakpoints on Windows Vista/7 because of the flag
> -dynamicbase.

I'd suppose that is a bug in GDB, or rather a missing feature. ASLR is
automatically disabled by GDB 7, but that and "set
disable-randomization on" seems to work only on Linux.

For QEMU, it could be possible to make a workaround (for example a new
flag for configure which disables ASLR). I think ASLR enabled should
be the default.
Paolo Bonzini - Sept. 30, 2010, 8:09 a.m.
On 09/29/2010 07:04 PM, Blue Swirl wrote:
> On Wed, Sep 29, 2010 at 2:38 AM, TeLeMan<geleman@gmail.com>  wrote:
>> GDB can not insert breakpoints on Windows Vista/7 because of the flag
>> -dynamicbase.
>
> I'd suppose that is a bug in GDB, or rather a missing feature. ASLR is
> automatically disabled by GDB 7, but that and "set
> disable-randomization on" seems to work only on Linux.
>
> For QEMU, it could be possible to make a workaround (for example a new
> flag for configure which disables ASLR). I think ASLR enabled should
> be the default.

You can piggyback that onto --enable-pie/--disable-pie.

Enabling PIE by default would be a good thing in general for security, 
BTW, even for softmmu targets.

Paolo

Patch

diff --git a/configure b/configure
index 4061cb7..26f5465 100755
--- a/configure
+++ b/configure
@@ -2138,6 +2138,15 @@  if test "$solaris" = "no" ; then
     fi
 fi

+# Use ASLR, no-SEH and DEP if available
+if test "$mingw32" = "yes" ; then
+    for flag in --dynamicbase --no-seh --nxcompat; do
+        if $ld --help 2>/dev/null | grep ".$flag" >/dev/null 2>/dev/null ; then
+            LDFLAGS="-Wl,$flag $LDFLAGS"
+        fi
+    done
+fi
+
 confdir=$sysconfdir$confsuffix

 tools=
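
Review bot: the loop over "--dynamicbase --no-seh --nxcompat" turns each flag on whenever "$ld --help" mentions it, and the hunk gives no configure option to opt out. The commit note already expects possible XP compatibility problems, and the thread reports GDB breakpoint failures with --dynamicbase, so gate the block on a switch (a new one, or the existing --enable-pie/--disable-pie as suggested in the thread) and keep hardening enabled as the default. The probe itself is also loose: grep ".$flag" is unanchored, so it matches any help line containing a longer option that merely starts with the same text, and matching help output does not show that a link with the flag succeeds. A test link with "-Wl,$flag" would be a stronger check. The second 2>/dev/null on grep is redundant, since its stdout is already discarded and the pattern cannot be mistaken for an option thanks to the leading dot.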