Enable ASLR and DEP on snappyjava.dll

Open djelinski opened this issue 3 years ago • 2 comments

ASLR is a technique designed to make various types of buffer overruns more difficult to exploit, by moving segments around a bit. The stack could be shifted a few bytes (or pages), the sections of your program (and even the libraries your code uses) can be loaded at different addresses, etc.

Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely.

ASLR and DEP are not enabled on the snappyjava.dll files contained in the jar downloaded from Maven Central:

```
PS D:\test> Import-Module .\Get-PESecurity.psm1
PS D:\test> get-pesecurity -file .\snappyjava.dll

FileName         : D:\test\snappyjava.dll
ARCH             : AMD64
DotNET           : False
ASLR             : False
DEP              : False
Authenticode     : False
StrongNaming     : N/A
SafeSEH          : N/A
ControlFlowGuard : False
HighentropyVA    : False
```

djelinski avatar Aug 30 '21 06:08 djelinski

Do you mean adding -Wl,dynamicbase, -Wl,nxcompat compiler flags?

xerial avatar Oct 01 '23 04:10 xerial

I think so; these two, and also -Wl,--high-entropy-va.

djelinski avatar Oct 01 '23 05:10 djelinski
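The ASLR, DEP and HighentropyVA fields in the report above are bits of the `DllCharacteristics` field in the PE optional header, so a rebuilt DLL can be checked in a build pipeline without PowerShell. The script below is an added example, not code from this thread or from the snappy-java project; the function names and the header-only sample images are constructed for the illustration.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header.
FLAGS = {
    "HighEntropyVA": 0x0020,     # HIGH_ENTROPY_VA (GNU ld --high-entropy-va)
    "ASLR": 0x0040,              # DYNAMIC_BASE (GNU ld --dynamicbase)
    "DEP": 0x0100,               # NX_COMPAT (GNU ld --nxcompat)
    "ControlFlowGuard": 0x4000,  # GUARD_CF
}

def pe_mitigations(data: bytes) -> dict:
    """Return {name: bool} decoded from a PE image's DllCharacteristics."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20  # skip "PE\0\0" signature and 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 72:
        raise ValueError("bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", data, opt + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def sample_pe(dll_characteristics: int) -> bytes:
    """Constructed header-only PE32+ image (not loadable), for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)

def missing(flags: dict, required=("ASLR", "DEP", "HighEntropyVA")) -> list:
    """Names of required mitigations that are not set."""
    return [name for name in required if not flags[name]]

if __name__ == "__main__":
    # With no arguments, check two constructed samples; otherwise check files.
    paths = sys.argv[1:]
    inputs = {p: open(p, "rb").read() for p in paths} or {
        "sample-unhardened": sample_pe(0x0000),
        "sample-hardened": sample_pe(0x0160),
    }
    failed = False
    for name, blob in inputs.items():
        gaps = missing(pe_mitigations(blob))
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
        failed |= bool(gaps)
    sys.exit(1 if failed and paths else 0)
```

Run against real files, it exits non-zero when any of them lacks one of the three flags, which makes it usable as a release gate for the DLL extracted from the jar.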