mingw-w64 produces executable Windows files without a relocations table by default, which breaks compatibility with ASLR.
ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.
Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.
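A header check for the mismatch described above, as an added example that is not part of the CERT/CC note: it flags images that set the "Dynamic base" flag while their relocation information is marked stripped or the base relocation directory is empty. The function names, result strings and the `sample_pe` test headers are constructed for illustration; the offsets follow the standard PE/COFF header layout.

```python
import struct
import sys

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # the "Dynamic base" flag
BASERELOC_DIR = 5                               # data directory index of the relocation table

def aslr_status(pe: bytes) -> str:
    """Return 'no-dynamic-base', 'ok' or 'claimed-but-stripped' for a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (file_chars,) = struct.unpack_from("<H", pe, nt + 22)   # COFF Characteristics
    opt = nt + 24                                           # optional header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)   # DllCharacteristics
    dirs = opt + (96 if magic == 0x10B else 112)            # data directories
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)      # NumberOfRvaAndSizes
    rva = size = 0
    if n_dirs > BASERELOC_DIR:
        rva, size = struct.unpack_from("<II", pe, dirs + 8 * BASERELOC_DIR)
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        return "no-dynamic-base"
    stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED) or rva == 0 or size == 0
    return "claimed-but-stripped" if stripped else "ok"

def sample_pe(file_chars: int, dll_chars: int, reloc=(0, 0)) -> bytes:
    """Constructed PE32+ headers only (not a loadable program), for testing."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)           # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * BASERELOC_DIR, *reloc)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read()))
```

Run it with the paths of built executables as arguments; any file reported as `claimed-but-stripped` advertises ASLR support it cannot deliver.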
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Force mingw-w64 to retain the relocations table
mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program's source code:
Arch Linux Affected
Debian GNU/Linux Affected
Fedora Project Affected
Gentoo Linux Affected
Red Hat, Inc. Affected
SUSE Linux Affected
ASP Linux Unknown
Alpine Linux Unknown
Arista Networks, Inc. Unknown
Micro Focus Unknown
MontaVista Software, Inc. Unknown
Openwall GNU/*/Linux Unknown
Slackware Linux Inc. Unknown
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Date First Published: 2018-08-03
Date Last Updated: 2018-08-03 12:50 UTC