Feature #682
open
Add DEP and ASLR to Windows Binary
Added by Rich Rumble about 12 years ago.
Updated almost 6 years ago.
Description
The Windows Suricata.exe does not have the DEP or ASLR flags set. I'm not sure how to define the peflags in the code, but I've been able to set them on the already compiled code using "peflags" from Cygwin:
peflags --dynamicbase=true --nxcompat=true /cygdrive/c/Suricata\ 1.4rc1-1-32bit/suricata.exe
Doing it afterward seems to have no effect other than DEP and ASLR being used! I know Pidgin/LibPurple recently added these flags in the code (http://pidgin.im/pipermail/commits/2012-September/021591.html) as well.
-rich
Looks like LD can also set these if that helps?
man ld
...
--dynamicbase
The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows Vista for i386 PE targets.
--nxcompat
The image is compatible with the Data Execution Prevention. This feature was introduced with MS Windows XP SP2 for i386 PE targets.
-rich
- Tracker changed from Optimization to Feature
- Status changed from New to Assigned
- Assignee set to Peter Manev
Is there a way to determine for sure, after a Windows MSI install, that the suricata.exe has the DEP or ASLR flags set and that those are used correctly?
thanks
As far as I know, once those flags are compiled in or added, it's up to the OS from that point. I don't see any additional requirements, libraries or extensive code needed to take advantage of these features. I know you can use Process Explorer from Microsoft's Sysinternals suite to see that the OS is reading the flags, whether or not the OS is doing what it's supposed to from that point, I have no idea. Really I think it's just setting a flag on the exe, and the OS taking it from there...
-rich
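One way to answer the question above without Process Explorer is to read the bits directly from the PE header, which is all peflags and ld --dynamicbase/--nxcompat actually change. The script below is an added example and is not part of this thread or of Suricata's build; the IMAGE_DLLCHARACTERISTICS values (0x0040 DYNAMIC_BASE, 0x0100 NX_COMPAT) and the header layout come from the PE/COFF specification, and make_stub_pe builds a constructed, headers-only image so the check can be exercised offline.

```python
"""Read (and optionally set) the ASLR/DEP opt-in bits of a PE file."""
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
DYNAMIC_BASE = 0x0040   # ASLR: image may be relocated (peflags --dynamicbase)
NX_COMPAT = 0x0100      # DEP: image is NX-compatible (peflags --nxcompat)


def _dllchar_offset(data: bytes) -> int:
    """Return the file offset of the 16-bit DllCharacteristics field.

    Layout: e_lfanew at 0x3c -> 'PE\\0\\0' signature (4 bytes) -> COFF
    header (20 bytes) -> optional header. DllCharacteristics sits at
    optional-header offset 70 for both PE32 (magic 0x10b) and PE32+ (0x20b).
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 4 + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return opt + 70


def get_mitigations(data: bytes) -> dict:
    """Report whether the ASLR and DEP opt-in bits are set in the header."""
    (flags,) = struct.unpack_from("<H", data, _dllchar_offset(data))
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}


def set_mitigations(data: bytes) -> bytes:
    """Return a copy with both bits set: the same edit peflags makes."""
    off = _dllchar_offset(data)
    (flags,) = struct.unpack_from("<H", data, off)
    buf = bytearray(data)
    struct.pack_into("<H", buf, off, flags | DYNAMIC_BASE | NX_COMPAT)
    return bytes(buf)


def make_stub_pe(dll_characteristics: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not loadable) for offline demonstration."""
    pe_off = 0x40
    buf = bytearray(pe_off + 4 + 20 + 240)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine = 0x8664 if pe32plus else 0x14C
    struct.pack_into("<HHIIIHH", buf, pe_off + 4, machine, 0, 0, 0, 0,
                     240 if pe32plus else 224, 0x0102)
    opt = pe_off + 24
    struct.pack_into("<H", buf, opt, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", buf, opt + 70, dll_characteristics)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    # Usage: python pe_mitigations.py "C:\Program Files\Suricata\suricata.exe"
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, get_mitigations(f.read()))
```

Two caveats when reading the result: the DYNAMIC_BASE bit only lets the loader relocate the image if the executable still carries its .reloc data, so an image whose relocations were stripped will report "aslr: True" here yet load at its fixed base, and the DLLs loaded into the process need the bit too; and NX_COMPAT is what matters for 32-bit builds, since 64-bit processes on x64 Windows get DEP regardless of the flag. Process Explorer's ASLR and DEP columns show what the loader actually did at run time, which is the second half of the check.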
- % Done changed from 0 to 80
Thank you Rich.
The flags are now set on the new 1.4 MSI pkg.
We should look for a way to do this in the configure stage under Cygwin (not just using peflags on the exe)...
- Assignee changed from Peter Manev to Eric Leblond
- Target version set to 1.4.1
- Estimated time set to 2.00 h
Eric, can you figure out a way to do this automatically? I think we need to test if the command is available and then run it at the correct time.
- Target version changed from 1.4.1 to 2.0beta1
- Target version changed from 2.0beta1 to 2.0beta2
- Target version changed from 2.0beta2 to 2.0rc1
- Target version changed from 2.0rc1 to TBD
- Assignee changed from Eric Leblond to Anonymous
- Effort set to low
- Difficulty set to low
- Assignee set to Community Ticket