
Bug#953212: lintian check portable-executable-missing-security-features disagrees with genpeimg about SafeSEH



Hi Daniel,

On Thu, Mar 5, 2020 at 3:12 PM Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
>
> It seems like the check in checks/pe.pm for what it calls "SafeSEH" is
> not aligned with the "Optional Characteristics" flag provided by
> "genpeimg -x" as "no-SEH".

That is correct. The flag is inverted.

I do not have much experience with PE32+, but I believe that turning
off structured exception handling (i.e. setting 'no-SEH') is a
potential security issue. Please consider this from the PE Format
guide:

[If the image] is marked as reserved SEH-aware (that is,
IMAGE_DLLCHARACTERISTICS_NO_SEH is clear ...), then the [exception]
handler must be in the list of known safe handlers for that image.
Otherwise, the operating system terminates the application. This helps
prevent the "x86 exception handler hijacking" exploit....

The full text can be found at

    https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#file-headers.

Also, please note that setting PE32+ security flags does not, by
itself, enable any features. It is why the default settings were
recently changed in binutils-mingw-w64 (and that change could be why
you see the tag now):

    binutils-mingw-w64 (8.8) unstable; urgency=medium

      * binutils 2.34 doesn't fully support enabling the relocation section
        by default, so disable it again, along with the rest of the PE
        protection mechanisms which don't make sense without relocation (see
        https://www.kb.cert.org/vuls/id/307144/ for details).

     -- Stephen Kitt <skitt@debian.org>  Wed, 26 Feb 2020 17:50:17 +0100

I had to work myself into the matter recently, which resulted in this
currently unreleased commit:

    https://salsa.debian.org/lintian/lintian/-/commit/e270727af233998db6730eee7a656bd0cef0a5f1

> After a build of win-iconv which follows the
> instructions given in "lintian-info --tags
> portable-executable-missing-security-features" exactly, you can see that
> the "no-SEH" flag is present, but lintian still complains:

You are right. The description is not clear. Especially the oddity of
the negation is not mentioned, but I already noted via my recent
commit the other, greater issues with that tag. I will further amend
it regarding no-SEH, if you insist.

The Lintian check mentions the negation, but much too briefly:

    https://salsa.debian.org/lintian/lintian/-/blob/master/checks/pe.pm#L72

As a positive, you may not encounter the tag for much longer. It was
marked both pedantic and experimental, and may be removed in the
future.

We would very much welcome any helpful suggestions, if you have
experience with PE32+ executables. You are also welcome to close this
bug.

Kind regards
Felix Lechner
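
An added example, not part of the original message and not Lintian's or genpeimg's code: a Python sketch that reads the DllCharacteristics field of a PE header and shows why a tool that lists set bits reports "no-SEH" while a check for an SEH-aware image needs that same bit to be clear. The sample header is constructed and is not a loadable executable; the bit values are taken from the Microsoft PE format documentation, and the function names are illustrative.

```python
import struct

# DllCharacteristics bits (Microsoft PE format documentation).
FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
}
NO_SEH = 0x0400

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE32 or PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20                  # skip signature and COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):        # PE32, PE32+
        raise ValueError("unknown optional header magic")
    # The field sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    return flags

def set_bits(flags: int) -> list:
    """Names of the bits that are set: the view a header dump gives."""
    return [name for bit, name in sorted(FLAGS.items()) if flags & bit]

def seh_aware(flags: int) -> bool:
    """True when NO_SEH is clear: the inverted sense a checker must apply."""
    return not flags & NO_SEH

def sample_image(flags: int, magic: int = 0x20B) -> bytes:
    """Constructed header with just enough fields for the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for flags in (0x0160, 0x0560):
        f = dll_characteristics(sample_image(flags))
        print(hex(f), set_bits(f), "SEH-aware:", seh_aware(f))
```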

