dotnet-apiport
fix binskim bug for HighEntropyVACheck issue
bug title: [ VS-DotNet-ApiPort ][ BinSkim ] - Defect : HighEntropyVACheck, Component : \a\2.6.0-alpha.10\ApiPort\netcoreapp2.1\ApiPort.dll (1 issue) Same issue for offline version as well. Binskim error: error BA2015: 'ApiPort.dll' does not declare itself as high entropy ASLR compatible. High entropy makes Address Space Layout Randomization more effective in mitigating memory corruption vulnerabilities. To resolve this issue, configure your tools to mark the program high entropy compatible; e.g. by supplying /HIGHENTROPYVA to the C or C++ linker command line. (This image was determined to have been properly compiled as /LARGEADDRESSAWARE.)
@marklio @twsouthwick bubble up the CR request.
@marklio Per https://docs.microsoft.com/en-us/cpp/build/reference/highentropyva-support-64-bit-aslr?view=vs-2019, it is enabled by default in C++. Per https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/highentropyva-compiler-option, it is disabled by default in C#.
Never had to use this, so not sure what the default is. But you'd want to put this in the Directory.Build.props so it's picked up by all projects
Good point. Fixed
I know csc doesn't do it by default, but the targets should be setting it if you are targeting a supported framework: https://github.com/microsoft/msbuild/blob/a78f69dae3d599544e52b69b15e5bd71e27cd3b3/src/Tasks/Microsoft.NETFramework.CurrentVersion.props#L108
I'm looking into why this behavior isn't working.
Looks like this tried to get fixed with https://github.com/microsoft/msbuild/issues/2912, but the fix wasn't correct. It is now being tracked by https://github.com/microsoft/msbuild/issues/4566
Closing as API Port was deprecated in favor of binary analysis in .NET Upgrade Assistant.
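Added example, not part of this thread or the ApiPort project: a Python check that reads the PE header flags the BA2015 message refers to (high entropy VA, dynamic base, large address aware), so a build output can be verified after the compiler option is changed. Offsets and flag values are taken from the PE/COFF specification; `build_sample` is a hypothetical helper that constructs a header-only sample, and the check approximates the BinSkim rule rather than reproducing it.

```python
import struct
import sys

# Flag values from the PE/COFF specification.
LARGE_ADDRESS_AWARE = 0x0020  # COFF Characteristics
HIGH_ENTROPY_VA = 0x0020      # Optional header DllCharacteristics
DYNAMIC_BASE = 0x0040         # Optional header DllCharacteristics

def aslr_flags(image: bytes) -> dict:
    """Read the ASLR-related flags from a PE image's headers."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = pe_off + 4
        opt_size, characteristics = struct.unpack_from("<HH", image, coff + 16)
        if opt_size < 72:
            raise ValueError("optional header too small")
        # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
        (magic,) = struct.unpack_from("<H", image, coff + 20)
        (dll_chars,) = struct.unpack_from("<H", image, coff + 20 + 70)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return {
        "pe32_plus": magic == 0x20B,
        "large_address_aware": bool(characteristics & LARGE_ADDRESS_AWARE),
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
    }

def build_sample(dll_chars: int, characteristics: int = 0x0022) -> bytes:
    """Constructed header-only PE32+ sample (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, characteristics)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            flags = aslr_flags(fh.read(4096))
        ok = flags["high_entropy_va"] and flags["dynamic_base"]
        print(f"{path}: {'ok' if ok else 'FLAG MISSING'} {flags}")
```

Run it with one or more assembly paths as arguments to check real build outputs.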