For my open source project, I publish source code for Unix written in C++. And as a convenience, I publish Win32 binaries compiled with Cygwin's g++ build. I bundled the compiled EXE along with the dependent Cygwin DLLs (cygcrypto, cyggcc, cycstdc++, cygwin1, and cygz.dll).
Someone rang me up today and said, "We're about to go live with your pre-compiled binaries for Windows, but our compliance testing detected your code isn't using ASLR (Address Space Layout Randomization). Can you fix?" A quick internet search reveals that Cygwin has a compatibility issue with ASRL. Process Explorer from sysinternals.com reveals that the process runs without ASLR. I tried using the Windows 10 Exploit Protection Panel - and specifying an exception for this executable to have mandatory ASLR. That results in the code no longer running. Although the alternate option of "Botton-up ASLR" did allow the code to run, but Process Explorer still doesn't show it running with ASLR. Is there a workaround for allowing Cygwin code to have ASLR? I don't need the fork() function. Thanks, jrs -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
