
MinGW and why Linux users should care

Posted Nov 19, 2008 15:13 UTC (Wed) by cde (guest, #46554)
Parent article: MinGW and why Linux users should care

The main problem about building with MinGW is that you don't get the security benefits you have with VS2005 or VS2008; /GS (stack cookies), /DYNAMICBASE+/NXCOMPAT (address randomization), /NXCOMPAT (prevention against execution) and lastly /safeseh.

See for example VideoLAN, http://milw0rm.com/exploits/7051 which has none of these flags above and is trivially exploitable.



MinGW and why Linux users should care

Posted Nov 19, 2008 15:13 UTC (Wed) by cde (guest, #46554) [Link]

Sorry, I meant /DYNAMICBASE+/FIXED:NO

MinGW and why Linux users should care

Posted Nov 19, 2008 15:37 UTC (Wed) by jreiser (subscriber, #11027) [Link]

How does /GS differ from gcc -fstack-protector, and what about the -fpie option compared to /DYNAMICBASE+/FIXED:no?

MinGW and why Linux users should care

Posted Nov 19, 2008 15:38 UTC (Wed) by mjthayer (guest, #39183) [Link] (2 responses)

VC++ (at least the command line interface) will run under Wine, if you want to achieve the same thing using that compiler. You will have the same setup issues with libraries and whatnot.

MinGW and why Linux users should care

Posted Nov 19, 2008 17:46 UTC (Wed) by jdahlin (subscriber, #14990) [Link] (1 responses)

Yeah, but the installers of VS/VS Express have a long history of not working in Wine, as they exercise various levels of the Windows API which is not properly implemented in Wine.

MinGW and why Linux users should care

Posted Nov 19, 2008 18:59 UTC (Wed) by mjthayer (guest, #39183) [Link]

It really is doable - I have been cross-building Windows stuff on Linux much of this afternoon. I didn't set up the environment myself though - maybe the stuff was unpacked under Windows and just copied over.

MinGW and why Linux users should care

Posted Nov 19, 2008 17:00 UTC (Wed) by rwmj (subscriber, #5474) [Link]

This is correct to some extent. Currently we build without -fstack-protector because that feature doesn't work in the version of GCC we are using.

Longer term, we want to add / fix all of these features in GCC and the toolchain, stack protection, NX, address space randomization, etc.

Using Visual Studio isn't an option for Fedora because of its non-free status, no matter how good the security features may be.

(I am "Richard" in the article).

MinGW and why Linux users should care

Posted Nov 19, 2008 17:45 UTC (Wed) by tialaramex (subscriber, #21167) [Link] (1 responses)

How much of this just consists of setting some flag fields in the output PE executable?

IIRC at least the NX compatibility and address randomisation are flags. If Microsoft are going to get praise for the improved backwards compatibility, they deserve all the blame for applications that don't get the benefits.

Providing suitable linker flags for MinGW that produce suitably flagged PE executables (perhaps by default) would be nice, but it shouldn't be difficult to do it by hand meanwhile.

MinGW and why Linux users should care

Posted Nov 20, 2008 13:09 UTC (Thu) by PaXTeam (guest, #24616) [Link]

until binutils/ld gets proper support, one can use editbin.exe from VS to set these bits in the PE header (it's a console app, should run fine in wine).
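The header bits discussed in the comments above, as an added example that is not part of the original thread: a Python sketch that reads the NX and address-randomization opt-in flags from a PE header, checks whether relocations were stripped (the /FIXED:NO half of the pairing mentioned earlier), and sets the two bits on a copy. Field offsets and bit values follow the PE/COFF specification; the function names and the constructed header-only sample are assumptions of this example.

```python
import struct

# Bit values from the PE/COFF specification.
RELOCS_STRIPPED = 0x0001  # COFF Characteristics: image cannot be rebased
DYNAMIC_BASE = 0x0040     # DllCharacteristics: what /DYNAMICBASE sets
NX_COMPAT = 0x0100        # DllCharacteristics: what /NXCOMPAT sets

def _field_offsets(image):
    """Return file offsets of (Characteristics, DllCharacteristics)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]   # e_lfanew
    opt = pe + 24                                   # signature + COFF header
    if image[pe:pe + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("missing or truncated PE header")
    if struct.unpack_from("<H", image, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    return pe + 22, opt + 70

def hardening_report(image):
    """Report the opt-in bits and whether the image can actually be moved."""
    char_off, dll_off = _field_offsets(image)
    chars = struct.unpack_from("<H", image, char_off)[0]
    dll = struct.unpack_from("<H", image, dll_off)[0]
    stripped = bool(chars & RELOCS_STRIPPED)
    return {
        "dynamicbase": bool(dll & DYNAMIC_BASE),
        "nxcompat": bool(dll & NX_COMPAT),
        "relocs_stripped": stripped,
        # The flag alone is not enough: a rebased image needs its relocations.
        "aslr_usable": bool(dll & DYNAMIC_BASE) and not stripped,
    }

def set_opt_in(image):
    """Return a copy with both bits set; CheckSum and signatures are untouched."""
    _, dll_off = _field_offsets(image)
    out = bytearray(image)
    dll = struct.unpack_from("<H", out, dll_off)[0]
    struct.pack_into("<H", out, dll_off, dll | DYNAMIC_BASE | NX_COMPAT)
    return bytes(out)

def make_sample(characteristics=0x0103, dll_characteristics=0):
    """Constructed header-only sample for the demo, not a loadable executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

On the default sample the patched copy reports both bits set but `aslr_usable` stays false, because the constructed header has relocations stripped.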

MinGW and why Linux users should care

Posted Nov 19, 2008 22:32 UTC (Wed) by danpb (subscriber, #4831) [Link]

Disclosure: I'm the 'Dan' in the article :-) There are two distinct (but related) use cases for our MinGW work. First, for developers who work on Linux on a day-to-day basis, but want to make sure their code still compiles against Windows. Second, for developers who actually want to ship Windows binaries built with MinGW. For the first case, the lack of the security features in VS is not a problem, since it is basically just being used as a developer testing service. For the second case, clearly there is a downside to not having these features at all, but GCC itself does have potential to include some of them & more could be added if deemed important enough. Fundamentally though, if you want to work with a 100% open source toolchain (I do) and still provide support for Windows you're more or less limited to MinGW or Cygwin as options; Microsoft VS doesn't come into the equation no matter what it can potentially do. If a Windows user really does want features that VS provides (& has shelled out for its license), then they have the freedom to ignore our MinGW binaries and build from source themselves.

(OT) Visual C++ 2008 Express Edition runs well under WINE

Posted Nov 23, 2008 0:04 UTC (Sun) by qu1j0t3 (guest, #25786) [Link]

For those who need more than MinGW. I'm trying to chase down weird runtime problems on Vista / XP SP3 so have been building with both.

