[tbb-bugs] #13056 [Tor Browser]: Some stack canaries are still missing on Tor Browser binaries on Linux

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 7 11:33:59 UTC 2015


#13056: Some stack canaries are still missing on Tor Browser binaries on Linux
-----------------------------+--------------------------
     Reporter:  gk           |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-security
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------

Comment (by cypherpunks):

 {{{
 libmozalloc.so
 libnssckbi.so
 libplc4.so
 libplds4.so
 }}}
 Was any of those reported as protected for any previous versions?
 `hardening-wrapper` (1.25) packaged for `lucid` using `-fstack-protector`
 which can't cover any functions from those libs (it needs proof, but brief
 reading code show that functions are small enough to be protected). If no
 protected functions then no detection code compiled and no canaries
 support reported.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13056#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list