On 30/01/2020 17:41, David Cleary wrote:
> One of our customers got dinged on a security audit because some Windows 
> binaries weren't compiled with the security features listed below. TCNative 
> is on that list. We only include it for our Windows distributions since it is 
> available in binary form. One side effect of ASLR is that pointers can live 
> in the entire address space. So, some code can have issues if it assumes 
> that pointers will only be in the lower 32-bit address space. Has anyone tried 
> this or know of a reason that compiling with the switches will cause issues 
> with TCNative? My choices are to bring it in house and build ourselves, or 
> drop it from our distribution.

Haven't tried it. Don't know if it will cause an issue. Happy to try it.
Best to open an issue against Tomcat Native so it doesn't get forgotten.

If you go the in-house route this might help:
https://cwiki.apache.org/confluence/display/TOMCAT/Building+the+Tomcat+Native+Connector+binaries+for+Windows

Mark


> 
> ASLR - Address Space Layout Randomization
> 
> Linker option: /DYNAMICBASE[:NO]
> 
> https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019
> 
> DEP - Data Execution Prevention
> 
> Linker option: /NXCOMPAT[:NO]
> 
> https://docs.microsoft.com/en-us/cpp/build/reference/nxcompat-compatible-with-data-execution-prevention?view=vs-2019
> 
> SafeSEH - Safe Exception Handlers
> 
> Linker option: /SAFESEH[:NO]
> 
> https://docs.microsoft.com/en-us/cpp/build/reference/safeseh-image-has-safe-exception-handlers?view=vs-2019
> 
> Thanks
> Dave
> 
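
One way to check which of the flags listed in the quoted message a given Windows binary was linked with, as an added example that is not part of the original thread or of Tomcat Native: it reads the DllCharacteristics field of the PE header, where /DYNAMICBASE and /NXCOMPAT are recorded. The function names and the constructed sample header are assumptions of this example; the SafeSEH handler table lives in the load configuration directory, which is not parsed here, so the code only reports whether the image is x86, the one target /SAFESEH applies to.

```python
import struct

# DllCharacteristics bits from the PE optional header (winnt.h values).
HIGH_ENTROPY_VA = 0x0020   # /HIGHENTROPYVA (64-bit ASLR)
DYNAMIC_BASE = 0x0040      # /DYNAMICBASE   (ASLR)
NX_COMPAT = 0x0100         # /NXCOMPAT      (DEP)
NO_SEH = 0x0400            # image uses no structured exception handling
MACHINE_I386 = 0x014C      # /SAFESEH only applies to x86 images


def pe_mitigations(data: bytes) -> dict:
    """Report the linker-set mitigation flags of a PE image (EXE or DLL)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt_off = pe_off + 24                                 # signature + COFF header
    if len(data) < opt_off + 72:
        raise ValueError("truncated optional header")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt_off + 70)
    return {
        "pe32_plus": magic == 0x20B,
        "aslr": bool(flags & DYNAMIC_BASE),
        "high_entropy_va": bool(flags & HIGH_ENTROPY_VA),
        "dep": bool(flags & NX_COMPAT),
        "no_seh": bool(flags & NO_SEH),
        "safeseh_applicable": machine == MACHINE_I386,
    }


def make_sample(machine: int, magic: int, flags: int) -> bytes:
    """Constructed minimal header bytes for the demo; not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x2022)
    opt = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", flags)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. a DLL taken from your own distribution
        with open(path, "rb") as fh:
            print(path, pe_mitigations(fh.read()))
```

Run against the shipped DLLs before and after a rebuild to confirm the linker switches took effect.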

