The security team at my company has flagged our InnoSetup built installer as not having proper ASLR support. This surprised me as the option is set by default.
Upon examining the code I found the following in CompExeUpdate.pas:
{ Note: because we stripped relocations from Setup(Ldr).e32 during
compilation IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE won't actually
enable ASLR, but allow setting it anyway to make checkers happy. }
I think this is just saying that the option doesn't really work? It sets one flag, which will make some checkers happy, but the full support isn't there? Do I have that right?
Would it be possible for ASLR support to actually be added?
Thanks!