cmd/link: enable ASLR on Windows executables
There's no reason not to enable ASLR in 2019, especially given Go's
minimum operating system level.
Fixes #27144
Change-Id: I539e22e970dae21c053ca155d230fc38d5660dd9
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index 04f0276..3793d44 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -1191,6 +1191,18 @@
// Enable DEP
argv = append(argv, "-Wl,--nxcompat")
+ // Enable ASLR
+ argv = append(argv, "-Wl,--dynamicbase")
+
+ // Enable high-entropy ASLR on 64-bit
+ if ctxt.Arch.PtrSize >= 8 {
+ argv = append(argv, "-Wl,--high-entropy-va")
+ }
+
+ // Work around binutils limitation that strips relocation table for dynamicbase
+ // See https://sourceware.org/bugzilla/show_bug.cgi?id=19011
+ argv = append(argv, "-Wl,--export-all-symbols")
+
argv = append(argv, fmt.Sprintf("-Wl,--major-os-version=%d", PeMinimumTargetMajorVersion))
argv = append(argv, fmt.Sprintf("-Wl,--minor-os-version=%d", PeMinimumTargetMinorVersion))
argv = append(argv, fmt.Sprintf("-Wl,--major-subsystem-version=%d", PeMinimumTargetMajorVersion))
diff --git a/src/cmd/link/internal/ld/pe.go b/src/cmd/link/internal/ld/pe.go
index b5851a9..ffafed1 100644
--- a/src/cmd/link/internal/ld/pe.go
+++ b/src/cmd/link/internal/ld/pe.go
@@ -94,6 +94,7 @@
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
+ IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
@@ -859,12 +860,6 @@
oh.Subsystem = IMAGE_SUBSYSTEM_WINDOWS_CUI
}
- switch ctxt.Arch.Family {
- case sys.ARM:
- oh64.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
- oh.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
- }
-
// Mark as having awareness of terminal services, to avoid ancient compatibility hacks.
oh64.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
oh.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
@@ -873,6 +868,10 @@
oh64.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_NX_COMPAT
oh.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+ // Enable ASLR (and high-entropy ASLR for 64-bit)
+ oh64.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
+ oh.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
+
// Disable stack growth as we don't want Windows to
// fiddle with the thread stack limits, which we set
// ourselves to circumvent the stack checks in the