
Our security team has come up with an issue for our Electron application we have developed using npm. How could an Electron app be compiled and packaged with the following specific flags enabled as "True" for DLLs: ffmpeg.dll, d3dcompiler_47.dll, vk_swiftshader.dll, vulkan-1.dll, Uninstall MyApp.exe, resources/elevate.exe, swiftshader/libEGL.dll, swiftshader/libGLESv2.dll?

Below are the flags: Authenticode, ASLR, SafeSEH, Control Flow Guard, High Entropy VA

Looking for some resolution to set these flags using jQuery or Node.js. Is there any tool to verify the flags if we resolve them with any possible JS changes?

  • Authenticode and CFG are not flags. Only the vendor can provide these features, not you. Things like ASLR and high entropy VA *are* flags, but whether a DLL has them turned on is irrelevant, since only the entry executable actually controls this behavior, and that is what should have them turned on (assuming everything's compatible, of course). All in all, it reads as if someone was going down a checklist of features they don't really understand, they just know "management wants this turned on for all binaries, I think". That's not how actual security works. – Jeroen Mostert May 24 '23 at 12:05
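On the question's request for a way to verify the flags, here is an added example (not part of the original post or comment) in Node.js that reads the ASLR, High Entropy VA, NX and Control Flow Guard bits from a PE file's DllCharacteristics field and reports whether a certificate table, where an Authenticode signature is stored, is present. `readPeMitigations` and `buildSample` are hypothetical names, the sample headers are constructed, and SafeSEH is not covered because it is recorded in the load configuration directory of 32-bit x86 images.

```javascript
// Added example: read PE hardening flags from a Windows binary's headers.
const FLAGS = {
  highEntropyVA: 0x0020, // IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  aslr: 0x0040,          // IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  nxCompat: 0x0100,      // IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  cfg: 0x4000,           // IMAGE_DLLCHARACTERISTICS_GUARD_CF
};

function readPeMitigations(buf) {
  if (buf.length < 0x40 || buf.toString('latin1', 0, 2) !== 'MZ') throw new Error('not an MZ image');
  const pe = buf.readUInt32LE(0x3c); // e_lfanew: offset of "PE\0\0"
  if (pe + 26 > buf.length || buf.toString('latin1', pe, pe + 4) !== 'PE\0\0') {
    throw new Error('missing PE signature');
  }
  const opt = pe + 24; // optional header follows the 20-byte COFF header
  const magic = buf.readUInt16LE(opt);
  if (magic !== 0x10b && magic !== 0x20b) throw new Error('unknown optional header');
  const is64 = magic === 0x20b;
  const dirs = opt + (is64 ? 112 : 96); // start of the data directory array
  if (dirs + 40 > buf.length) throw new Error('truncated headers');
  const dllChar = buf.readUInt16LE(opt + 70); // same offset in PE32 and PE32+
  const sec = dirs + 4 * 8; // entry 4 = certificate table (Authenticode blob)
  const result = {
    is64,
    hasCertTable: buf.readUInt32LE(dirs - 4) > 4 &&
      buf.readUInt32LE(sec) !== 0 && buf.readUInt32LE(sec + 4) !== 0,
  };
  for (const [name, bit] of Object.entries(FLAGS)) result[name] = (dllChar & bit) !== 0;
  return result;
}

// Constructed sample: bare PE32+ headers only, not a loadable binary.
function buildSample(dllCharacteristics, withCertTable) {
  const buf = Buffer.alloc(0x200);
  buf.write('MZ', 0, 'latin1');
  buf.writeUInt32LE(0x80, 0x3c);
  buf.write('PE\0\0', 0x80, 'latin1');
  const opt = 0x80 + 24;
  buf.writeUInt16LE(0x20b, opt); // PE32+ magic
  buf.writeUInt16LE(dllCharacteristics, opt + 70);
  buf.writeUInt32LE(16, opt + 108); // NumberOfRvaAndSizes
  if (withCertTable) {
    buf.writeUInt32LE(0x1000, opt + 144); // file offset of the blob
    buf.writeUInt32LE(0x800, opt + 148);  // blob size
  }
  return buf;
}

console.log(readPeMitigations(buildSample(0x4160, true)));
console.log(readPeMitigations(buildSample(0x0100, false)));
```

To check a real file, pass `require('fs').readFileSync(path)` to `readPeMitigations`. A present certificate table does not prove that the signature is valid.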

0 Answers