[tor-bugs] #10505 [Tor]: Broken ASLR in windows executable
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Dec 28 14:22:34 UTC 2013
#10505: Broken ASLR in windows executable
-----------------------+-------------------------------
Reporter: Blueberry | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.4.19
Keywords: | Actual Points:
Parent ID: | Points:
-----------------------+-------------------------------
ASLR (Address Space Layout Randomization) is a Windows feature to
complicate writing exploits. The provided tor executable in the Windows
expert bundle doesn't have full ASLR support.

A Windows executable must have two features to fully support ASLR:

1) In the PE header the following DllCharacteristics flag must be set:
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040). Tor has this value
correctly set.

2) PE relocation table. To successfully randomize the address space of the
executable, the PE loader must know what addresses need to be adjusted.
Therefore to randomize the image base (standard image base: 0x00400000)
the PE file must have a relocation table. Tor is missing the relocation
table. As a result, the image base is always 0x00400000 and this is bad.

The linker should provide a switch to include a relocation table.

PS: Greetings from the 30C3. Nice presentation yesterday.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10505>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
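
Added example (not part of the original ticket or Tor's code): a Python check of the two conditions the ticket lists, reading the DllCharacteristics flag and the base relocation directory directly from the PE headers. The names `aslr_status` and `sample_pe32` and the headers-only sample image are constructed for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
BASERELOC_DIR = 5         # IMAGE_DIRECTORY_ENTRY_BASERELOC

def aslr_status(pe: bytes) -> dict:
    """Check the two ASLR prerequisites from the ticket in a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff, opt = nt + 4, nt + 24                           # COFF header is 20 bytes
    (file_chars,) = struct.unpack_from("<H", pe, coff + 18)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                    # PE32
        (image_base,) = struct.unpack_from("<I", pe, opt + 28)
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                                  # PE32+
        (image_base,) = struct.unpack_from("<Q", pe, opt + 24)
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    (ndirs,) = struct.unpack_from("<I", pe, opt + count_off)
    rva = size = 0
    if ndirs > BASERELOC_DIR:                             # directory may be absent
        rva, size = struct.unpack_from("<II", pe, opt + dirs_off + 8 * BASERELOC_DIR)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    has_relocs = bool(rva and size) and not file_chars & RELOCS_STRIPPED
    return {"image_base": image_base, "dynamic_base": dynamic_base,
            "has_relocs": has_relocs, "relocatable": dynamic_base and has_relocs}

def sample_pe32(dll_chars: int, rva: int, size: int, file_chars: int = 0x0102) -> bytes:
    """Constructed headers-only PE32 image (sample data, not a real binary)."""
    buf, nt = bytearray(0x200), 0x80
    buf[0:2], buf[nt:nt + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, nt)
    struct.pack_into("<HH", buf, nt + 20, 224, file_chars)  # opt header size, flags
    opt = nt + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, 0x00400000)       # default image base
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, opt + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 8 * BASERELOC_DIR, rva, size)
    return bytes(buf)
```

To audit a real file, pass `open(path, "rb").read()` to `aslr_status`. Calling `sample_pe32(0x0040, 0, 0)` reproduces the state the ticket reports: flag set, no relocation table, image base 0x00400000.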