[tbb-bugs] #13556 [Tor Browser]: our ASLR is apparently not properly enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 24 01:48:04 UTC 2014


#13556: our ASLR is apparently not properly enabled
-----------------------------+----------------------
     Reporter:  erinn        |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------
Description changed by erinn:

Old description:

> According to someone on twitter who just investigated my claim that Tor
> Browser was ASLR-enabled, this is not actually true. They took a
> screenshot with VMMap Sysinternals which I've attached.
>
> I'm not sure when I'll be able to look into this -- hopefully this
> weekend. It would be great if someone else could figure out what's going
> on. I'm not able to access the Windows VM at the moment, but I looked
> through the objdump output of the DLLs and they seemed fine to me.
>
> Marking this is major since it's bad if true. Adding Tom Ritter since he
> might be able to help.

New description:

 According to someone on twitter who just investigated my claim that Tor
 Browser was ASLR-enabled, this is not actually true. They took a
 screenshot with VMMap Sysinternals which I've attached.

 I'm not sure when I'll be able to look into this -- hopefully this
 weekend. It would be great if someone else could figure out what's going
 on. I'm not able to access the Windows VM at the moment, but I looked
 through the objdump output of the DLLs and they seemed fine to me, but
 clearly something is missing.

 Marking this is major since it's bad if true. Adding Tom Ritter since he
 might be able to help.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13556#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list