Page MenuHome GnuPG
Create Task
Maniphest T4923

Compile Kleopatra with DEP/ASLR support
Open, NormalPublic
Actions

Description

Comparing the *nix binary to Windows one, it seems that Kleopatra in Debian's repository has PIE/SP enabled:

$ ./hardening-check.pl /usr/bin/kleopatra
/usr/bin/kleopatra:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!
 Stack clash protection: unknown, no -fstack-clash-protection instructions found
 Control flow integrity: unknown, no -fcf-protection instructions found!

While on Windows, neither DEP nor ASLR are enabled:

Would it be possible to compile Kleo (and, ideally, other binaries) with DEP/ASLR enabled?

Details

Version
v3.1.11-Gpg4win-3.1.11

Event Timeline

asv created this task.Apr 22 2020, 8:36 AM
werner triaged this task as Normal priority.Apr 23 2020, 2:53 PM
werner edited projects, added kleopatra; removed Bug Report.
asv added a comment.Apr 23 2020, 4:15 PM

Seems like this is applicable to other binaries as well:

In case 32 bit binary is mandatory, -Wl,-dynamicbase,-nxcompat (without --high-entropy-va) might be a good start.
Please feel free to update the ticket if you in need of any beta-testing or other help that does not require genuine knowledge of C/C++ :)