View Issue Details

ID: 0002250
Project: Slicer4
Category: Core: Building (CMake, Superbuild)
View Status: public
Last Update: 2014-03-07 10:47
Reporter: AnthonyBlumfield
Assigned To: jcfr
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0002250: Add windows security compiler flags
Description

From Anthony:

I may be wrong as I am not too familiar with the build process; however, it seems that we are not using the secure compiler and linker switches.
Specifically for Windows, /GS, /DynamicBase, /NXCompat, /SafeSEH – see short description at http://msdn.microsoft.com/en-us/magazine/cc337897.aspx#S7
GCC also has some protections like stack guard that may be applicable.

From Anthony:

Wrt Linux, great.
Wrt Windows: Never seen a side effect and I have added /GS, /NXCompat, /SafeSEH to major projects with zero implications. /DynamicBase is a little newer; however, it is part of SDL (secure development lifecycle), which essentially means you cannot ship code in Microsoft without using it, and it is best practice for the Windows development community.

The only side effect I have heard of was related to /NXCompat where a project (I think it was in media player) deliberately stored executable binary in a buffer and called it. This is a very rare case.

Additional Information

See http://www.na-mic.org/Wiki/index.php/2012_Summer_Project_Week:Threat_Modeling

Tags: help-wanted

Activities

jcfr

2012-06-22 06:40

administrator   ~0004907

Pushed topic https://github.com/jcfr/Slicer/tree/2250-windows-security-flag

AnthonyBlumfield

2012-06-22 17:50

reporter   ~0004911

The flags are described in more detail in MSDN.
For compiler: /GS
For linker: /NXCompat /DynamicBase /SafeSEH
Notes:

  1. Newer compiler/linker versions have some of the flags on by default; however, as you don’t control the compiler/linker versions I would recommend setting them all just in case.
  2. SafeSEH is only required on x86.
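
A post-build check for the linker flags listed in the note above, added here as an example (it is not part of the original thread or of the Slicer build). It reads the DllCharacteristics field of a PE header to see whether /DynamicBase and /NXCompat took effect; audit_pe and constructed_image are hypothetical names, and the sample header is constructed.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF format
DYNAMIC_BASE = 0x0040  # set by the linker's /DynamicBase (ASLR opt-in)
NX_COMPAT = 0x0100     # set by the linker's /NXCompat (DEP opt-in)
MACHINE_I386 = 0x014C  # x86, the only target where /SafeSEH is required


def audit_pe(data: bytes) -> dict:
    """Report which header-visible linker flags a PE image was built without.

    /GS and /SafeSEH set no bit in DllCharacteristics, so they are not
    checked; 'safeseh_applies' only says whether the image is x86.
    """
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 96:
        raise ValueError("PE headers missing or truncated")
    # COFF header: Machine at +0, SizeOfOptionalHeader at +16
    machine, opt_size = struct.unpack_from("<H14xH", data, pe_off + 4)
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if opt_size < 72 or magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", data, opt_off + 70)
    missing = [flag for bit, flag in ((DYNAMIC_BASE, "/DynamicBase"),
                                      (NX_COMPAT, "/NXCompat"))
               if not chars & bit]
    return {"missing": missing, "safeseh_applies": machine == MACHINE_I386}


def constructed_image(machine: int, magic: int, chars: int) -> bytes:
    """Constructed sample: PE headers only, not a loadable binary."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<H14xH2x", machine, 72)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    legacy = constructed_image(MACHINE_I386, 0x10B, 0x0000)
    print(audit_pe(legacy))
```

To audit a real build, pass the bytes of each installed .exe and .dll to audit_pe and fail the build when "missing" is non-empty.
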

jcfr

2014-03-07 10:45

administrator   ~0011380

Last edited: 2014-03-07 10:46

It would be nice to resolve this issue - but we think it's low priority right now.

Let us know if it is high priority for you or if you would like to help us test the proposed topic or improve it.

Issue History

Date Modified Username Field Change
2012-06-22 06:31 jcfr New Issue
2012-06-22 06:31 jcfr Status new => assigned
2012-06-22 06:31 jcfr Assigned To => jcfr
2012-06-22 06:40 jcfr Note Added: 0004907
2012-06-22 06:40 jcfr Reporter jcfr => AnthonyBlumfield
2012-06-22 06:40 jcfr Target Version => Slicer 4.2.0 - Sept 1st 2012
2012-06-22 17:50 AnthonyBlumfield Note Added: 0004911
2012-08-20 10:18 jcfr Target Version Slicer 4.2.0 - Feature freeze Sept 1st 2012 => Slicer 4.2.5
2012-08-21 09:40 jcfr Target Version Slicer 4.2.5 => Slicer 4.3.0
2013-08-30 13:27 jcfr Target Version Slicer 4.3.0 => Slicer 4.4.0
2014-03-07 10:45 jcfr Note Added: 0011380
2014-03-07 10:45 jcfr Status assigned => acknowledged
2014-03-07 10:45 jcfr Tag Attached: I-want-to-contribute
2014-03-07 10:46 jcfr Note Edited: 0011380
2014-03-07 10:47 jcfr Target Version Slicer 4.4.0 =>
2014-05-12 23:20 jcfr Tag Renamed I-want-to-contribute => help-wanted