use ASLR on Windows

[thestinger]

This should be as simple as passing --dynamicbase to the linker for both libraries and executables. However, the necessary relocations are never generated by MinGW or MinGW-w64 for executables so nothing is actually randomized without also passing --export-all-symbols. The -pie switch is also broken and results in a messed up entry point, but it may not actually be required.

[postessive]

Hi,

I found this issue while looking for an old reference, but I thought you might be interested in a possible fix. We needed --dynamic-base for Tor's hardening options and after some back and forth settled on a working binutils patch which is here (works for 2.24 and is being submitted upstream shortly):

https://gitweb.torproject.org/user/erinn/tor-browser-bundle.git/commitdiff/631b64262ea66f9529a2ef552734a88d7171a594

This patch has not been reviewed at all, since no one at Tor feels sufficiently capable. Hopefully the binutils folks will have something to say, but as language developers you might too. (edit: fix link to patch)

[thestinger]

@postessive: We ended up working around it for the time being by doing a dllexport of main in order to force it to output a relocation section, since the executable counts as a library. I would really like to have this fixed properly though so I'll look into it some more when I have time.

[thestinger]

Needs to be disabled again due to #17684.

[klutzy]

Note that recent binutils may have support for high entropy ASLR. (The patch was accepted last year. See #16593) It would be good to check if mingw-w64 would contain the patch when we re-enable ASLR.

[steveklabnik]

Triage: not sure if anything has changed here, but I don't think so.

[steveklabnik]

Triage: same as in 2016