forked from osmocom/wireshark
Explain why Get-HardenFlags currently fails.
Change-Id: I4a956b2479a482a9262e6e67f6c7611fad9dde84 Reviewed-on: https://code.wireshark.org/review/11448 Reviewed-by: Gerald Combs <gerald@wireshark.org>
This commit is contained in:
parent
b6497d44b5
commit
ad1f7f4677
|
@ -28,6 +28,21 @@
|
|||
# on all the binaries in the distribution, and then filters
|
||||
# for the NXCOMPAT and DYNAMICBASE flags.
|
||||
|
||||
# This script will probably fail for the forseeable future.
|
||||
#
|
||||
# Many of our third-party libraries are compiled using MinGW-w64. Its version
|
||||
# of `ld` doesn't enable the dynamicbase, nxcompat, or high-entropy-va flags
|
||||
# by default. When you *do* pass --dynamicbase it strips the relocation
|
||||
# section of the executable:
|
||||
#
|
||||
# https://sourceware.org/bugzilla/show_bug.cgi?id=19011
|
||||
#
|
||||
# As a result, none of the distributions that produce Windows applications
|
||||
# and libraries have any sort of hardening flags enabled:
|
||||
#
|
||||
# http://mingw-w64.org/doku.php/download
|
||||
#
|
||||
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Checks the NXCOMPAT and DYNAMICBASE flags on all the binaries.
|
||||
|
|
Loading…
Reference in New Issue