microsoft / binskim

A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats

Compatibility with .NET ReadyToRun and Self-Contained #970

Open shaopeng-gh opened 11 months ago

shaopeng-gh commented 11 months ago

This is just to note that BinSkim compatibility with .NET ReadyToRun and self-contained could be looked into, with p:PublishReadyToRun=true and --self-contained.

With PublishReadyToRun the section alignment changed to 200 from 2000. BinSkim will fail with PublishReadyToRun while passing without it. Not sure if it is a security issue or by design.


Full command: "C:\Program Files\dotnet\dotnet.exe" publish C:\Sources\Repos\aaa\aaa.csproj --configuration Debug --output C:\Sources\Repos\aaa\linux-x64\aaa -r linux-x64 p:PublishReadyToRun=true --self-contained --framework net6.0

[error]7. BinSkim Error BA2021 - File: build/linux-x64/aaa/aaa.dll.

Tool: BinSkim: Rule: BA2021 (DoNotMarkWritableSectionsAsExecutable). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2021DoNotMarkWritableSectionsAsExecutable 'aaa.dll' has a section alignment (0x200) that is smaller than its page size (0x1000).

shaopeng-gh commented 8 months ago

User report: BinSkim BA2021 could have a compatibility issue with R2R Linux binaries.

This issue is created to investigate whether the check below should be removed/revised:

// TODO: do we really require this check? What is the proposed fix to this issue? 
if (peHeader.SectionAlignment < PAGE_SIZE)
{
    // '{0}' has a section alignment ({1}) that is less than its page size ({2}).
    context.Logger.Log(this,
        RuleUtilities.BuildResult(FailureLevel.Error, context, null,
            nameof(RuleResources.BA2021_Error_UnexpectedSectionAligment),
            context.CurrentTarget.Uri.GetFileName(),
            "0x" + peHeader.SectionAlignment.ToString("x"),
            "0x" + PAGE_SIZE.ToString("x")));
    return;
}

To repro, download the official C# extension Linux x64 version from https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.csharp
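
To triage a BA2021 hit like the one above, the following added example (not BinSkim's code and not posted by anyone in this thread) reads the two header facts involved straight from a PE file: the optional header's SectionAlignment, and whether any section is actually flagged both writable and executable. `PAGE_SIZE` is taken from the 0x1000 in the error message; `inspect_pe`, `build_sample` and all sample header values are assumptions constructed for illustration.

```python
import struct

PAGE_SIZE = 0x1000            # page size quoted in the BA2021 message
SCN_MEM_EXECUTE = 0x20000000  # IMAGE_SCN_MEM_EXECUTE
SCN_MEM_WRITE = 0x80000000    # IMAGE_SCN_MEM_WRITE

def inspect_pe(data: bytes) -> dict:
    """Report SectionAlignment and any sections flagged writable+executable."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (count,) = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
        opt = pe + 24                                          # optional header start
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        # SectionAlignment and FileAlignment sit at +32/+36 in both PE32 and PE32+.
        align, file_align = struct.unpack_from("<II", data, opt + 32)
        wx = []
        for i in range(count):
            hdr = opt + opt_size + 40 * i                      # 40-byte section header
            (flags,) = struct.unpack_from("<I", data, hdr + 36)  # Characteristics
            if flags & SCN_MEM_WRITE and flags & SCN_MEM_EXECUTE:
                wx.append(data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace"))
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return {"section_alignment": align, "file_alignment": file_align,
            "alignment_below_page": align < PAGE_SIZE, "wx_sections": wx}

def build_sample(section_align: int, sections) -> bytes:
    """Constructed header-only PE32+ image used as test input (not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 32, section_align, 0x200)
    table = b"".join(name.ljust(8, b"\0") + bytes(28) + struct.pack("<I", flags)
                     for name, flags in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    # Constructed case: 0x200 alignment as in the report; section flags are made up.
    print(inspect_pe(build_sample(0x200, [(b".text", 0x60000020), (b".data", 0xC0000040)])))
```

Running `inspect_pe` on the bytes of a flagged `.dll` shows whether only the alignment comparison trips or whether a section also carries both the write and execute flags.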

GrumpyCytokine commented 7 months ago

We also encountered this issue, in binaries compiled for Linux only. Binaries compiled for Windows do not raise error BA2021.

shaopeng-gh commented 7 months ago

Thanks for adding the feedback.