Il 21/01/2017 05:11, Selva Nair ha scritto: > Hi, > On Fri, Jan 20, 2017 at 11:42 AM, Selva Nair <selva.n...@gmail.com > <mailto:selva.n...@gmail.com>> wrote: > > On Fri, Jan 20, 2017 at 9:43 AM, Samuli Seppänen > <sam...@openvpn.net <mailto:sam...@openvpn.net>> wrote: > Thanks for testing! I think we just have to merge the ASLR/DEP > change in > openvpn-build and see what happens. > > > For ASLR we may have to add some option to get reloc information > into the exe? As per discussion under GUI PR 123 > (https://github.com/OpenVPN/openvpn-gui/pull/123 > <https://github.com/OpenVPN/openvpn-gui/pull/123>) mingw does not do > this by default. There --export-all-symbols is used, which I think > is a terrible hack. > > Checking aslr is enabled or not using process explorer may help -- > openssl dll has to be checked too. > > > Checked this on win7. Process explorer shows ASLR flag is set on the > executable. But ASLR is not really active. The GUI is loaded at the same > address each time (as per vmmap from sysinternals). I see no address > randomization. > > Recompiling by exporting at least one function fixes this so the linker > is indeed not adding reloc section to the exe otherwise. > > The build option does make ASLR work for openssl dll so the only thing > missing there was the flag in the header. Not so for the executables. > > We need to find some fix for this, else I fear this will be ASLR in name > only. > > Selva
So we need a small code change in OpenVPN to get ASLR actually working, like in OpenVPN GUI? <https://github.com/OpenVPN/openvpn-gui/pull/123/> In particular something like this: <https://github.com/OpenVPN/openvpn-gui/pull/123/files#diff-2045016cb90d1e65d71c2407a2570927R72> Correct? -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
