AIMP Forum

English pages => Suggestions => Topic started by: ita1 on November 20, 2017, 13:18:11

Title: ASLR, CFG
Post by: ita1 on November 20, 2017, 13:18:11
Hi all!

Aimp.exe is lacking relocation table (.reloc section) and subsequently it is mapped at fixed memory region (0x400000)

Furthermore, it should be properly compiled with CFG in mind for security reason, https://msdn.microsoft.com/it-it/library/windows/desktop/mt637065(v=vs.85).aspx

Txs  :)
Title: Re: ASLR, CFG
Post by: ita1 on December 05, 2018, 15:44:37
5.12.2018 and nothing is changed:
AIMP does NOT still support ASLR properly  >:(

https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
Title: Re: ASLR, CFG
Post by: Artem on December 05, 2018, 15:53:07
I have no plans to fix it. Note that all issues cannot be fixed because of 3rd party libraries that does not support ASLR at all.
Title: Re: ASLR, CFG
Post by: ita1 on December 05, 2018, 16:03:48
 :o

I believe that security should have the highest priority so, if it were necessary to abandon obsolete libraries...
Title: Re: ASLR, CFG
Post by: Artem on December 05, 2018, 20:39:55
You really think that you may be hacked via media player? I am not ready to reduce functionality of app just for security paranoia reasons.
Title: Re: ASLR, CFG
Post by: ita1 on December 07, 2018, 15:12:21
maybe not via Aimp intrinsically (it's infact strictly related to its installed base) but rather via a malformed Multi-format Playback (the same of VLC in the exemple above: "opening the MKV file resulted in calc.exe popping")...

However no problems:
even if regretted, i have switched in favor of an alternative that meets these requirements.
If you fix AIMP in the future, i will be very happy to return one of its users  ;)