Indeed, the generic VeraCrypt Linux binaries suffer from this issue but the binaries created for each distribution (Ubuntu, Debian, CentOS 8, OpenSUSE) are not affected.
This is because generic binaries are built using old toolchain on CentOS 6 and CentOS 7 in order to ensure maximum compatibility.
@idrassi
I recently checked VeraCrypt Linux generic binaries which I'm using and it seems that they suffer from the ASLR weakning as described in the article Toolchain Necromancy: Past Mistakes Haunting ASLR
https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
Script check_align.sh:
https://github.com/opensrcsec/paxtest/blob/master/contrib/check_align.sh
Is it makes sense and is it possible to recompile VeraCrypt binaries with reduced MAXPAGESIZE?
Last edit: Enigma2Illusion 2024-07-05
@morton-f
Thank you for the feedback.
Indeed, the generic VeraCrypt Linux binaries suffer from this issue but the binaries created for each distribution (Ubuntu, Debian, CentOS 8, OpenSUSE) are not affected.
This is because generic binaries are built using old toolchain on CentOS 6 and CentOS 7 in order to ensure maximum compatibility.
I have pushed a change to ensure that even binaries built on CentOS 6 and CentOS 7 have reduced MAXPAGESIZE during link: https://sourceforge.net/p/veracrypt/code/ci/491c2670e52f572e440676b3c6bf91a89c924e6a/
Upcoming binaries will thus be safe.
Thank you for the report.
@morton-f
I have build new package containing Linux generic installers that fix this ASLR issue and you can get it from Nightly Builds folders at https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/Linux/veracrypt-1.26.12-setup.tar.bz2/download
Thank you very much indeed for swift and effective reaction and for all what you are doing!