Turn on ASLR via /DYNAMICBASE and DEP via SetProcessDEPPolicy().
svn path=/trunk/; revision=34137
parent
034f2739d2
commit
a87bdf9660
|
@ -816,7 +816,7 @@ main(int argc, char *argv[])
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
#ifdef HAVE_PLUGINS
|
||||
/* Register wiretap plugins */
|
||||
|
|
10
config.nmake
10
config.nmake
|
@ -780,6 +780,7 @@ LOCAL_CFLAGS=$(LOCAL_CFLAGS) /D_BIND_TO_CURRENT_CRT_VERSION=1
|
|||
!IF "$(MSVC_VARIANT)" == "MSVC2008" || "$(MSVC_VARIANT)" == "MSVC2008EE" || "$(MSVC_VARIANT)" == "MSVC2010" || "$(MSVC_VARIANT)" == "MSVC2010EE"
|
||||
LOCAL_CFLAGS= $(LOCAL_CFLAGS) /MP
|
||||
!ENDIF
|
||||
|
||||
# Linker flags:
|
||||
# /DEBUG generate debug info
|
||||
# /PROFILE generate map file(s) for profiling
|
||||
|
@ -792,6 +793,15 @@ DLL_LDFLAGS =
|
|||
DLL_LDFLAGS = /MANIFEST:no
|
||||
!ENDIF
|
||||
|
||||
# Enable ASLR. Requires VS2008 or later.
|
||||
# http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
|
||||
# DEP is handled in init_process_policies()
|
||||
|
||||
# ASLR http://msdn.microsoft.com/en-us/library/bb384887.aspx
|
||||
!IF $(MSC_VER_REQUIRED) >= 1500
|
||||
LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE
|
||||
!ENDIF
|
||||
|
||||
PLUGIN_LDFLAGS = /NOLOGO /INCREMENTAL:no $(LOCAL_LDFLAGS) $(DLL_LDFLAGS)
|
||||
|
||||
#
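Review bot: The new block passes only `/DYNAMICBASE`, and its comment defers DEP to the runtime call in init_process_policies(), so an executable linked through this file that never reaches that call gets no DEP opt-in at all. The blog post cited in the comment describes `/NXCOMPAT` as the link-time equivalent; unless some bundled component is known to need executable data pages, consider `LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE /NXCOMPAT` and keeping the runtime call as a fallback, or state in the comment why the link-time flag was left out. PLUGIN_LDFLAGS below is built from LOCAL_LDFLAGS, so plugins inherit the flag, but DLLs not linked through this file are unaffected and can still load at fixed addresses; the comment could say so.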
|
||||
|
|
2
dftest.c
2
dftest.c
|
@ -68,7 +68,7 @@ main(int argc, char **argv)
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
/*
|
||||
* Attempt to get the pathname of the executable file.
|
||||
|
|
|
@ -3569,7 +3569,7 @@ main(int argc, char *argv[])
|
|||
/* */
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
#ifdef HAVE_LIBCAP
|
||||
/* If 'started with special privileges' (and using libcap) */
|
||||
|
|
14
editcap.c
14
editcap.c
|
@ -383,9 +383,9 @@ set_strict_time_adj(char *optarg_str_p)
|
|||
optarg_str_p++;
|
||||
}
|
||||
|
||||
/*
|
||||
* check for a negative adjustment
|
||||
* A negative strict adjustment value is a flag
|
||||
/*
|
||||
* check for a negative adjustment
|
||||
* A negative strict adjustment value is a flag
|
||||
* to adjust all frames by the specifed delta time.
|
||||
*/
|
||||
if (*optarg_str_p == '-') {
|
||||
|
@ -807,7 +807,7 @@ main(int argc, char *argv[])
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
#ifdef HAVE_PLUGINS
|
||||
/* Register wiretap plugins */
|
||||
|
@ -1226,9 +1226,9 @@ main(int argc, char *argv[])
|
|||
phdr = &snap_phdr;
|
||||
}
|
||||
} else {
|
||||
/*
|
||||
* A negative strict time adjustment is requested.
|
||||
* Unconditionally set each timestamp to previous
|
||||
/*
|
||||
* A negative strict time adjustment is requested.
|
||||
* Unconditionally set each timestamp to previous
|
||||
* packet's timestamp plus delta.
|
||||
*/
|
||||
snap_phdr = *phdr;
|
||||
|
|
|
@ -2116,7 +2116,7 @@ main(int argc, char *argv[])
|
|||
* before doing anything else.
|
||||
* Let the user know if anything happened.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
relinquish_special_privs_perm();
|
||||
|
||||
/*
|
||||
|
|
|
@ -453,7 +453,7 @@ main(int argc, char *argv[])
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
/*
|
||||
* Clear the filters arrays
|
||||
|
@ -480,7 +480,7 @@ main(int argc, char *argv[])
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
/* nothing more than the standard GLib handler, but without a warning */
|
||||
log_flags =
|
||||
|
|
2
tshark.c
2
tshark.c
|
@ -824,7 +824,7 @@ main(int argc, char *argv[])
|
|||
/*
|
||||
* Get credential information for later use.
|
||||
*/
|
||||
get_credential_info();
|
||||
init_process_policies();
|
||||
|
||||
/*
|
||||
* Attempt to get the pathname of the executable file.
|
||||
|
|
|
@ -42,7 +42,7 @@ mpa_samples
|
|||
mpa_version
|
||||
|
||||
; privileges.c
|
||||
get_credential_info
|
||||
init_process_policies
|
||||
get_cur_groupname
|
||||
get_cur_username
|
||||
npf_sys_is_running
|
||||
|
|
|
@ -44,8 +44,19 @@
|
|||
* we'll need later.
|
||||
*/
|
||||
void
|
||||
get_credential_info(void)
|
||||
init_process_policies(void)
|
||||
{
|
||||
typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD);
|
||||
SetProcessDEPPolicyHandler PSetProcessDEPPolicy;
|
||||
|
||||
#ifndef PROCESS_DEP_ENABLE
|
||||
#define PROCESS_DEP_ENABLE 1
|
||||
#endif
|
||||
|
||||
if (PSetProcessDEPPolicy = (SetProcessDEPPolicyHandler) GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "SetProcessDEPPolicy")) {
|
||||
PSetProcessDEPPolicy(PROCESS_DEP_ENABLE);
|
||||
}
|
||||
|
||||
npf_sys_is_running();
|
||||
}
|
||||
|
||||
|
@ -149,7 +160,7 @@ npf_sys_is_running() {
|
|||
|
||||
static uid_t ruid, euid;
|
||||
static gid_t rgid, egid;
|
||||
static gboolean get_credential_info_called = FALSE;
|
||||
static gboolean init_process_polices_called = FALSE;
|
||||
|
||||
/*
|
||||
* Called when the program starts, to save whatever credential information
|
||||
|
@ -157,14 +168,14 @@ static gboolean get_credential_info_called = FALSE;
|
|||
* That'd be the real and effective UID and GID on UNIX.
|
||||
*/
|
||||
void
|
||||
get_credential_info(void)
|
||||
init_process_polices(void)
|
||||
{
|
||||
ruid = getuid();
|
||||
euid = geteuid();
|
||||
rgid = getgid();
|
||||
egid = getegid();
|
||||
|
||||
get_credential_info_called = TRUE;
|
||||
init_process_polices_called = TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -174,7 +185,7 @@ get_credential_info(void)
|
|||
gboolean
|
||||
started_with_special_privs(void)
|
||||
{
|
||||
g_assert(get_credential_info_called);
|
||||
g_assert(init_process_polices_called);
|
||||
#ifdef HAVE_ISSETUGID
|
||||
return issetugid();
|
||||
#else
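Review bot: In the Windows init_process_policies(), the pointer type `typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD);` omits the calling convention, while SetProcessDEPPolicy is a WINAPI (stdcall) export, so on 32-bit x86 the call through this pointer leaves the stack unbalanced; it should read `typedef BOOL (WINAPI *SetProcessDEPPolicyHandler)(DWORD);`. The BOOL result is also discarded, so a refused request (for example when the system-wide DEP policy overrides the per-process setting) passes silently; checking it and reporting GetLastError() would make a process running without DEP visible. Separately, the UNIX variant later in this section appears to be renamed to `init_process_polices` (with the flag `init_process_polices_called`), which does not match the `init_process_policies` used by the callers and declared in the header, so non-Windows builds would presumably fail to link. The old and new sides are inferred here, because the page has lost its +/- markers.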
|
||||
|
|
|
@ -23,10 +23,10 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* Called when the program starts, to save whatever credential information
|
||||
* we'll need later.
|
||||
* Called when the program starts, to enable security features and save
|
||||
* whatever credential information we'll need later.
|
||||
*/
|
||||
extern void get_credential_info(void);
|
||||
extern void init_process_policies(void);
|
||||
|
||||
/**
|
||||
* Was this program started with special privileges? get_credential_info()
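Review bot: The doc comment that follows the renamed declaration still opens with `Was this program started with special privileges? get_credential_info()`, so it names a function this change removes from the header; it should refer to `init_process_policies()`. The rest of that comment lies outside the hunk, so any further mentions there need the same update. The new summary could also say which security features are meant, e.g. `Called when the program starts, to enable security features (DEP on Windows) and save whatever credential information we'll need later.`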
|
||||
|
|