[tbb-bugs] #12968 [Applications/Tor Browser]: Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 15 18:47:24 UTC 2018


#12968: Specify HEASLR (High Entropy Address Space Layout Randomization) in
MinGW-w64
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-rbm, ff60-esr,     |  Actual Points:
  boklm201807, TorBrowserTeam201808              |
Parent ID:  #24631                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by heaslr):

 Replying to [comment:32 gk]:
 > Replying to [comment:16 boklm]:
 > > There is a patch for review in branch `bug_12968`, adding the
 > > `-Wl,--high-entropy-va` flag in the Windows x86_64 build:
 Windows has protections from cheaters like you who set that bit in
 executables by linker or by notepad ;)

 Replying to [comment:26 sukhbir]:
 > I tried (today) with `-mcmodel=medium`, `-mcmodel=large` (both with
 > boklm's changes above and the GCC patch) and we have a similar if not the
 > same error.
 Never try to change something whose effect you don't know: we don't want
 executables >2 GiB, even for data. Also for you ->
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46125
 > As to why it works for ffmpeg, it seems they are using the same flags so
 > I am not sure; I am going to compare the toolchain and see if there is a
 > difference there.
 https://sourceware.org/bugzilla/show_bug.cgi?id=15444
 You were asked many times to stop using debug-grade gcc's crap in
 production code ;)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12968#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

