Turn on ASLR via /DYNAMICBASE and DEP via SetProcessDEPPolicy().
svn path=/trunk/; revision=34137
parent
034f2739d2
commit
a87bdf9660
|
@ -816,7 +816,7 @@ main(int argc, char *argv[])
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
#ifdef HAVE_PLUGINS
|
#ifdef HAVE_PLUGINS
|
||||||
/* Register wiretap plugins */
|
/* Register wiretap plugins */
|
||||||
|
|
10
config.nmake
10
config.nmake
|
@ -780,6 +780,7 @@ LOCAL_CFLAGS=$(LOCAL_CFLAGS) /D_BIND_TO_CURRENT_CRT_VERSION=1
|
||||||
!IF "$(MSVC_VARIANT)" == "MSVC2008" || "$(MSVC_VARIANT)" == "MSVC2008EE" || "$(MSVC_VARIANT)" == "MSVC2010" || "$(MSVC_VARIANT)" == "MSVC2010EE"
|
!IF "$(MSVC_VARIANT)" == "MSVC2008" || "$(MSVC_VARIANT)" == "MSVC2008EE" || "$(MSVC_VARIANT)" == "MSVC2010" || "$(MSVC_VARIANT)" == "MSVC2010EE"
|
||||||
LOCAL_CFLAGS= $(LOCAL_CFLAGS) /MP
|
LOCAL_CFLAGS= $(LOCAL_CFLAGS) /MP
|
||||||
!ENDIF
|
!ENDIF
|
||||||
|
|
||||||
# Linker flags:
|
# Linker flags:
|
||||||
# /DEBUG generate debug info
|
# /DEBUG generate debug info
|
||||||
# /PROFILE generate map file(s) for profiling
|
# /PROFILE generate map file(s) for profiling
|
||||||
|
@ -792,6 +793,15 @@ DLL_LDFLAGS =
|
||||||
DLL_LDFLAGS = /MANIFEST:no
|
DLL_LDFLAGS = /MANIFEST:no
|
||||||
!ENDIF
|
!ENDIF
|
||||||
|
|
||||||
|
# Enable ASLR. Requires VS2008 or later.
|
||||||
|
# http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
|
||||||
|
# DEP is handled in init_process_policies()
|
||||||
|
|
||||||
|
# ASLR http://msdn.microsoft.com/en-us/library/bb384887.aspx
|
||||||
|
!IF $(MSC_VER_REQUIRED) >= 1500
|
||||||
|
LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE
|
||||||
|
!ENDIF
|
||||||
|
|
||||||
PLUGIN_LDFLAGS = /NOLOGO /INCREMENTAL:no $(LOCAL_LDFLAGS) $(DLL_LDFLAGS)
|
PLUGIN_LDFLAGS = /NOLOGO /INCREMENTAL:no $(LOCAL_LDFLAGS) $(DLL_LDFLAGS)
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
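Review bot: The added linker block sets only `/DYNAMICBASE`, so DEP depends entirely on the runtime call in init_process_policies(), as the added comment says; any binary linked with these flags that never reaches that call runs without DEP opted in. Adding `/NXCOMPAT` in the same `!IF $(MSC_VER_REQUIRED) >= 1500` block, e.g. `LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE /NXCOMPAT`, would mark the images DEP-compatible in the PE header so the policy applies from process start. If the flag was left out deliberately, the comment should give the reason. ASLR also only covers modules linked with this flag, so DLLs built outside this makefile presumably still load at fixed bases and are worth auditing separately.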
2
dftest.c
2
dftest.c
|
@ -68,7 +68,7 @@ main(int argc, char **argv)
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Attempt to get the pathname of the executable file.
|
* Attempt to get the pathname of the executable file.
|
||||||
|
|
|
@ -3569,7 +3569,7 @@ main(int argc, char *argv[])
|
||||||
/* */
|
/* */
|
||||||
/* ----------------------------------------------------------------- */
|
/* ----------------------------------------------------------------- */
|
||||||
|
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
#ifdef HAVE_LIBCAP
|
#ifdef HAVE_LIBCAP
|
||||||
/* If 'started with special privileges' (and using libcap) */
|
/* If 'started with special privileges' (and using libcap) */
|
||||||
|
|
14
editcap.c
14
editcap.c
|
@ -383,9 +383,9 @@ set_strict_time_adj(char *optarg_str_p)
|
||||||
optarg_str_p++;
|
optarg_str_p++;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* check for a negative adjustment
|
* check for a negative adjustment
|
||||||
* A negative strict adjustment value is a flag
|
* A negative strict adjustment value is a flag
|
||||||
* to adjust all frames by the specifed delta time.
|
* to adjust all frames by the specifed delta time.
|
||||||
*/
|
*/
|
||||||
if (*optarg_str_p == '-') {
|
if (*optarg_str_p == '-') {
|
||||||
|
@ -807,7 +807,7 @@ main(int argc, char *argv[])
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
#ifdef HAVE_PLUGINS
|
#ifdef HAVE_PLUGINS
|
||||||
/* Register wiretap plugins */
|
/* Register wiretap plugins */
|
||||||
|
@ -1226,9 +1226,9 @@ main(int argc, char *argv[])
|
||||||
phdr = &snap_phdr;
|
phdr = &snap_phdr;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* A negative strict time adjustment is requested.
|
* A negative strict time adjustment is requested.
|
||||||
* Unconditionally set each timestamp to previous
|
* Unconditionally set each timestamp to previous
|
||||||
* packet's timestamp plus delta.
|
* packet's timestamp plus delta.
|
||||||
*/
|
*/
|
||||||
snap_phdr = *phdr;
|
snap_phdr = *phdr;
|
||||||
|
|
|
@ -2116,7 +2116,7 @@ main(int argc, char *argv[])
|
||||||
* before doing anything else.
|
* before doing anything else.
|
||||||
* Let the user know if anything happened.
|
* Let the user know if anything happened.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
relinquish_special_privs_perm();
|
relinquish_special_privs_perm();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -453,7 +453,7 @@ main(int argc, char *argv[])
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Clear the filters arrays
|
* Clear the filters arrays
|
||||||
|
@ -480,7 +480,7 @@ main(int argc, char *argv[])
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
/* nothing more than the standard GLib handler, but without a warning */
|
/* nothing more than the standard GLib handler, but without a warning */
|
||||||
log_flags =
|
log_flags =
|
||||||
|
|
2
tshark.c
2
tshark.c
|
@ -824,7 +824,7 @@ main(int argc, char *argv[])
|
||||||
/*
|
/*
|
||||||
* Get credential information for later use.
|
* Get credential information for later use.
|
||||||
*/
|
*/
|
||||||
get_credential_info();
|
init_process_policies();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Attempt to get the pathname of the executable file.
|
* Attempt to get the pathname of the executable file.
|
||||||
|
|
|
@ -42,7 +42,7 @@ mpa_samples
|
||||||
mpa_version
|
mpa_version
|
||||||
|
|
||||||
; privileges.c
|
; privileges.c
|
||||||
get_credential_info
|
init_process_policies
|
||||||
get_cur_groupname
|
get_cur_groupname
|
||||||
get_cur_username
|
get_cur_username
|
||||||
npf_sys_is_running
|
npf_sys_is_running
|
||||||
|
|
|
@ -44,8 +44,19 @@
|
||||||
* we'll need later.
|
* we'll need later.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
get_credential_info(void)
|
init_process_policies(void)
|
||||||
{
|
{
|
||||||
|
typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD);
|
||||||
|
SetProcessDEPPolicyHandler PSetProcessDEPPolicy;
|
||||||
|
|
||||||
|
#ifndef PROCESS_DEP_ENABLE
|
||||||
|
#define PROCESS_DEP_ENABLE 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (PSetProcessDEPPolicy = (SetProcessDEPPolicyHandler) GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "SetProcessDEPPolicy")) {
|
||||||
|
PSetProcessDEPPolicy(PROCESS_DEP_ENABLE);
|
||||||
|
}
|
||||||
|
|
||||||
npf_sys_is_running();
|
npf_sys_is_running();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,7 +160,7 @@ npf_sys_is_running() {
|
||||||
|
|
||||||
static uid_t ruid, euid;
|
static uid_t ruid, euid;
|
||||||
static gid_t rgid, egid;
|
static gid_t rgid, egid;
|
||||||
static gboolean get_credential_info_called = FALSE;
|
static gboolean init_process_polices_called = FALSE;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Called when the program starts, to save whatever credential information
|
* Called when the program starts, to save whatever credential information
|
||||||
|
@ -157,14 +168,14 @@ static gboolean get_credential_info_called = FALSE;
|
||||||
* That'd be the real and effective UID and GID on UNIX.
|
* That'd be the real and effective UID and GID on UNIX.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
get_credential_info(void)
|
init_process_polices(void)
|
||||||
{
|
{
|
||||||
ruid = getuid();
|
ruid = getuid();
|
||||||
euid = geteuid();
|
euid = geteuid();
|
||||||
rgid = getgid();
|
rgid = getgid();
|
||||||
egid = getegid();
|
egid = getegid();
|
||||||
|
|
||||||
get_credential_info_called = TRUE;
|
init_process_polices_called = TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -174,7 +185,7 @@ get_credential_info(void)
|
||||||
gboolean
|
gboolean
|
||||||
started_with_special_privs(void)
|
started_with_special_privs(void)
|
||||||
{
|
{
|
||||||
g_assert(get_credential_info_called);
|
g_assert(init_process_polices_called);
|
||||||
#ifdef HAVE_ISSETUGID
|
#ifdef HAVE_ISSETUGID
|
||||||
return issetugid();
|
return issetugid();
|
||||||
#else
|
#else
|
||||||
|
|
|
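Review bot: In the Windows init_process_policies(), the pointer type `typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD);` omits the calling convention. SetProcessDEPPolicy is a WINAPI export (stdcall on 32-bit x86), so unless the build changes the default convention, calling it through this pointer unbalances the stack on exactly the builds where the API is usable. Declare it as `typedef BOOL (WINAPI *SetProcessDEPPolicyHandler)(DWORD);`, move the assignment out of the `if` condition, and check the BOOL result so a failure to enable DEP is not silent. Separately, the UNIX definition in the later hunk is spelled `init_process_polices(void)` while the callers and the export list use `init_process_policies`, which would presumably fail to link on non-Windows builds; the `init_process_polices_called` flag has the same typo. The comment blocks above both definitions begin outside the hunks shown.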
@ -23,10 +23,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Called when the program starts, to save whatever credential information
|
* Called when the program starts, to enable security features and save
|
||||||
* we'll need later.
|
* whatever credential information we'll need later.
|
||||||
*/
|
*/
|
||||||
extern void get_credential_info(void);
|
extern void init_process_policies(void);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Was this program started with special privileges? get_credential_info()
|
* Was this program started with special privileges? get_credential_info()
|
||||||
|
|
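Review bot: The doc comment for the next declaration still reads `Was this program started with special privileges?  get_credential_info()`, but this commit renames that function, so the reference is stale and should name `init_process_policies()` instead. The updated comment on init_process_policies() could also say which security features it enables (the commit message mentions DEP via SetProcessDEPPolicy()), so callers know it must run before anything else in main(). The second doc comment continues past the end of the hunk, so the rest of its wording is not visible here.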