Open Information Security Foundation https://redmine.openinfosecfoundation.org/ 2012-12-14T08:51:40Z
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2633 2012-12-14T08:51:40Z Rich Rumble richrumble@gmail.com
<p>Looks like LD can also set these if that helps?<br />man ld<br />...<br /> --dynamicbase<br /> The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows Vista for i386 PE targets.<br /> --nxcompat<br /> The image is compatible with the Data Execution Prevention. This feature was introduced with MS Windows XP SP2 for i386 PE targets.<br />-rich</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2635 2012-12-15T04:21:19Z Victor Julien victor@inliniac.net
<ul><li><strong>Tracker</strong> changed from <i>Optimization</i> to <i>Feature</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Peter Manev</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2639 2012-12-15T08:26:49Z Peter Manev petermanev@gmail.com
<p>Is there a way to determine for sure, after a Windows MSI install, that the suricata.exe has the DEP or ASLR flags set and those are used correctly?</p>
<p>thanks</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2641 2012-12-15T15:33:57Z Rich Rumble richrumble@gmail.com
<p>As far as I know, once those flags are compiled in or added, it's up to the OS from that point. I don't see any additional requirements, libraries or extensive code needed to take advantage of these features. I know you can use Process Explorer from Microsoft's Sysinternals suite to see that the OS is reading the flags; whether or not the OS is doing what it's supposed to from that point, I have no idea. Really I think it's just setting a flag on the exe, and the OS taking it from there...<br />-rich</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2643 2012-12-16T11:19:43Z Peter Manev petermanev@gmail.com
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>80</i></li></ul><p>Thank you Rich.</p>
<p>The flags are now set on the new 1.4 msi pkg.</p>
<p>We should look for a way to do this in the configure stage under Cygwin (not just using peflags on the exe)...</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2648 2012-12-17T01:12:57Z Victor Julien victor@inliniac.net
<ul><li><strong>Assignee</strong> changed from <i>Peter Manev</i> to <i>Eric Leblond</i></li><li><strong>Target version</strong> set to <i>1.4.1</i></li><li><strong>Estimated time</strong> set to <i>2.00 h</i></li></ul><p>Eric, can you figure out a way to do this automatically? I think we need to test if the command is available and then run it at the correct time.</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2651 2012-12-17T15:56:25Z Rich Rumble richrumble@gmail.com
<p>I know VLC and Libpurple recently added such code<br /><a class="external" href="http://git.videolan.org/?p=vlc.git;a=commitdiff;h=60aa14b737e0f00d34c5785b7e7c62557dd7a10d;hp=54104ba864c568d95b52587bb481529401317d9e">http://git.videolan.org/?p=vlc.git;a=commitdiff;h=60aa14b737e0f00d34c5785b7e7c62557dd7a10d;hp=54104ba864c568d95b52587bb481529401317d9e</a><br /><a class="external" href="https://developer.pidgin.im/ticket/15290">https://developer.pidgin.im/ticket/15290</a><br />I think each went about it slightly differently. LD flags seem to be a good way<br /><code>LD_HARDENING_OPTIONS ?= -Wl,--dynamicbase -Wl,--nxcompat</code> (from pidgin/libpurple)<br />-rich</p>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=2859 2013-03-10T09:46:50Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>1.4.1</i> to <i>2.0beta1</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=3146 2013-07-09T07:30:37Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>2.0beta1</i> to <i>2.0beta2</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=3793 2013-11-21T04:32:10Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>2.0beta2</i> to <i>2.0rc1</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=4004 2014-01-31T06:50:45Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>2.0rc1</i> to <i>TBD</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=9967 2018-07-17T08:35:10Z Victor Julien victor@inliniac.net
<ul><li><strong>Assignee</strong> changed from <i>Eric Leblond</i> to <i>Anonymous</i></li><li><strong>Effort</strong> set to <i>low</i></li><li><strong>Difficulty</strong> set to <i>low</i></li></ul>
Suricata - Feature #682: Add DEP and ASLR to Windows Binary https://redmine.openinfosecfoundation.org/issues/682?journal_id=11175 2019-02-23T22:11:00Z Andreas Herz oisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>Community Ticket</i></li></ul>
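On the question raised in the thread of how to confirm that an installed suricata.exe carries the DEP and ASLR flags: the bits that `--nxcompat` and `--dynamicbase` set live in the PE optional header's DllCharacteristics field and can be read straight from the file. The following is an added example, not code from the Suricata project or from any commenter; `pe_hardening_flags` and `build_sample` are hypothetical names, and the sample header bytes are constructed for the demonstration.

```python
import struct

# DllCharacteristics bits (PE optional header) and one COFF Characteristics bit
DYNAMIC_BASE = 0x0040     # ASLR opt-in, the bit `ld --dynamicbase` sets
NX_COMPAT = 0x0100        # DEP opt-in, the bit `ld --nxcompat` sets
RELOCS_STRIPPED = 0x0001  # image carries no base relocations


def pe_hardening_flags(data: bytes) -> dict:
    """Read the ASLR/DEP opt-in bits from the headers of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    opt_off = pe_off + 24                                 # signature (4) + COFF header (20)
    if len(data) < opt_off + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE header not found or truncated")
    (coff_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (dll_chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return {
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "relocs_stripped": bool(coff_chars & RELOCS_STRIPPED),
    }


def build_sample(dll_chars: int, coff_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 headers for the demo (not a loadable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, coff_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)            # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    # With a path argument, check that file; otherwise use the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0x0140)
    print(pe_hardening_flags(image))
```

A result with `aslr` true and `relocs_stripped` also true means the opt-in bit is present but the image has no relocation data for the loader to rebase it with, so that combination is worth flagging in a build check.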