[tor-bugs] #10514 [Tor]: Add bufferoverflow protection to Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 30 09:14:20 UTC 2013


#10514: Add bufferoverflow protection to Tor
-----------------------------+--------------------------------
     Reporter:  bastik       |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  major        |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by bastik):

 Usually I used an alternate TaskManager to check if a running process
 would have DEP and ASLR enabled, but at some point I came across "PeStudio",
 which analyzes the PE header of a binary without executing it.

 I used an outdated version of "PeStudio" which showed the following
 indicator for Tor.exe (from the TorBrowserBundle 3.5, but also for Tor.exe
 from the Vidalia Bridge Bundle):

 "The image does NOT use Cookies placed on the Stack (GS) as Mitigation
 technique"

 I'm not sure what the course of action is and I assumed that this would be
 a technique that works on all major platforms.

 The Windows resources for this are:
 - http://msdn.microsoft.com/en-us/library/8dbf701c.aspx
 - http://technet.microsoft.com/en-us/library/ee672187.aspx (BinScope does
 not work for me, only errors, but it is totally outdated as it would
 seem.)

 From an article "GS compiler switch is a cookie which is placed in between
 the buffer and return address."
 (http://www.ksyash.com/2011/01/buffer-overflow-protection-3/)

 I know that Tor uses defense-in-depth for various things, but not how well
 everything works.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10514#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
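
The static header check described in the comment above (reading mitigation settings from a PE file without running it), as an added example that is not part of the ticket, of Tor, or of PeStudio. It reads the ASLR and DEP opt-in bits from DllCharacteristics and reports whether a load-config directory, where MSVC images register the /GS SecurityCookie pointer, is present. The names `pe_mitigations` and `build_sample` are hypothetical, and the sample images are constructed header-only byte strings.

```python
import struct

# DllCharacteristics bits in the PE optional header
DYNAMIC_BASE = 0x0040    # image opts in to ASLR
NX_COMPAT = 0x0100       # image opts in to DEP
LOAD_CONFIG_DIR = 10     # data directory slot; MSVC load config holds the /GS cookie pointer

def pe_mitigations(data: bytes) -> dict:
    """Read mitigation opt-ins from PE headers without executing the image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                    # skip signature (4) and COFF header (20)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    n_off = opt + (108 if magic == 0x20B else 92)               # NumberOfRvaAndSizes
    (n_dirs,) = struct.unpack_from("<I", data, n_off)
    load_cfg = False
    if n_dirs > LOAD_CONFIG_DIR:
        rva, size = struct.unpack_from("<II", data, n_off + 4 + 8 * LOAD_CONFIG_DIR)
        load_cfg = rva != 0 and size != 0
    return {"aslr": bool(dll_chars & DYNAMIC_BASE),
            "dep": bool(dll_chars & NX_COMPAT),
            "load_config": load_cfg}

def build_sample(dll_chars: int, load_cfg=(0, 0), pe32plus=False) -> bytes:
    """Constructed header-only image for the demo; not a loadable executable."""
    opt_size = 240 if pe32plus else 224
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    n_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, n_off, 16)
    struct.pack_into("<II", opt, n_off + 4 + 8 * LOAD_CONFIG_DIR, *load_cfg)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(pe_mitigations(build_sample(0)))
    print(pe_mitigations(build_sample(0x0140, load_cfg=(0x2000, 0x40))))
```

A missing load-config directory only means no MSVC-style cookie is registered in the header; it says nothing about compiler-specific stack protection such as GCC's `-fstack-protector`, which leaves no PE header field.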

