the Makefile has: EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
Is there a good reason for this? Otherwise, this opens a security vulnerability in Wine that does not exist in Windows....
This is the way Windows worked before Vista. (Does Vista actually randomize where even ntdll is?)
BTW our CreateRemoteThread conformance test checks whether the module has been loaded at a different address, and skips if it has...
On Sunday 04 July 2010 22:31:49 Dan Kegel wrote:
the Makefile has: EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
Is there a good reason for this? Otherwise, this opens a security vulnerability in Wine that does not exist in Windows....
This is the way Windows worked before Vista. (Does Vista actually randomize where even ntdll is?)
BTW our CreateRemoteThread conformance test checks whether the module has been loaded at a different address, and skips if it has...
http://www.nynaeve.net/?p=198 has a pretty good explanation why certain DLLs must be loaded at same address; one example why Wine should care is to satisfy programs injecting code in different processes.
Andrey Turkin wrote:
On Sunday 04 July 2010 22:31:49 Dan Kegel wrote:
the Makefile has: EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
Is there a good reason for this? Otherwise, this opens a security vulnerability in Wine that does not exist in Windows....
This is the way Windows worked before Vista. (Does Vista actually randomize where even ntdll is?)
BTW our CreateRemoteThread conformance test checks whether the module has been loaded at a different address, and skips if it has...
http://www.nynaeve.net/?p=198 has a pretty good explanation why certain DLLs must be loaded at same address; one example why Wine should care is to satisfy programs injecting code in different processes.
Code injection is considered a vulnerability if 'bad' code cannot be detected. I don't know if Windows does this or not....
However, if this is displayed functionality with Windows, we should duplicate it....
James McKenzie
-
Andrey Turkin -
Dan Kegel -
James McKenzie