[Gpg4win-devel] Lack of ASLR/DEP in gpg4win
anomie eimona
0anomie0 at gmail.com
Mon Sep 6 22:19:17 CEST 2010
Hi.
Thank you for the great work in maintaining GPG for Windows. I had one
concern, none of the binaries in gpg4win are compiled with support for ASLR
or DEP-- is there a reason for this? It seems like it would be a good idea
to have these technologies enabled for gpg4win since this is a
security application and the loss of a private key is a critical security
failure. I know that ASLR|DEP technologies are not a panacea for memory
corruption bugs, but they do hinder exploitation and a single application
crash from an unreliable exploit can lead to the discovery of the
attack/vulnerability. These technologies make me feel a little (not a lot)
safer and I would love to see the next version compiled with ASLR|DEP.
What are your thoughts on this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20100906/3416478a/attachment.htm
More information about the Gpg4win-devel
mailing list