[tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Jan 7 05:42:19 UTC 2011
#2358: Windows ASLR is not enabled for tor.exe, and DEP should be forced
-------------------------+--------------------------------------------------
Reporter: special | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
-------------------------+--------------------------------------------------
Comment(by special):
I can't find a clear answer on this; ASLR is definitely enabled for the
executable's address with this patch, but DLLs that don't have dynamicbase
set may not be randomized. That must happen while building the DLL. It
would probably be worth putting similar logic into libevent, and perhaps
openssl, to prevent exploits from leveraging those to gain some sort of
access.
From my understanding, after this patch, the most important parts (Tor
itself, and all system DLLs used by Tor) will be randomized.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2358#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list