Investigate linking with /dynamicbase (ASLR in Vista.)
As noted in the other bug, /dynamicbase isn't supported by MSVC8, only MSVC8SP1, and isn't documented on MSDN (only noted in a couple of security blogs)... this makes me nervous, and it's also pretty complex to write a configure test for.
http://blogs.msdn.com/michael_howard/archive/2006/10/04/Alleged-Bugs-in-Windows-Vista_1920_s-ASLR-Implementation.aspx it is documented: http://msdn2.microsoft.com/en-us/library/bb384887.aspx
Does the ref platform use SP1 now? Is that risky or can we get this? I'm more than ok with bumping requirements to MSVC8 SP1 if it gets us better mitigation against attacks. This seems like a solid win for minimal effort.
The refplatform uses SP1. Should be easy to turn this on if you want it.
I don't want to turn this on without a configure check so that we don't break builders with plain VC8 or VC71
Created attachment 306914: use dynamicbase on vc8sp1 or newer. This WFM, although I didn't do a full build with it, I just re-built spidermonkey and verified it linked properly.
Comment on attachment 306914: use dynamicbase on vc8sp1 or newer. Oops, VC8 only differs from SP1 in the fourth version component. New patch in a bit.
Created attachment 306926: better. Right, this should not fail on plain VC8.
Here's a build with this patch if anyone wants to do some testing on Vista: https://build.mozilla.org/tryserver-builds/2008-03-04_02:email@example.comfirstname.lastname@example.org https://build.mozilla.org/tryserver-builds/2008-03-04_02:email@example.comfirstname.lastname@example.org
Checked in. Someone should test this to make sure it doesn't cause any bustage on Vista. Guess we'll find out in tomorrow's nightlies!
Ted: 1) With this enabled, did the nightlies pass all tests ok? 2) Is there anything beyond your landed "configure.in" changes that we need in release automation to ship with this?
John: 1) I haven't seen any evidence otherwise (Talos boxes are fine, and I haven't seen any bugs filed yet) 2) Nope, this gets enabled by default if your compiler supports it