[tor-bugs] #10065 [Tor bundles/installation]: Improve Hardening for TBB3.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 22 17:20:30 UTC 2014
#10065: Improve Hardening for TBB3.0
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: erinn
Type: defect | Status: accepted
Priority: major | Milestone:
Component: Tor | Version:
bundles/installation | Keywords: tbb-3.0, gitian, tbb-
Resolution: | security
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by erinn):
-pie is definitely the culprit. I built two TBBs: one with DEP/ASLR and no
-pie and another with DEP/ASLR and -pie. The latter crashes and the former
doesn't. I also get the same wrong AddressOfEntryPoint (00001000) in the
build with -pie whereas in the non-pie build I get the correct one
(000014b0).
It took a little wrangling but I eventually got all of the libs we build
building with DEP/ASLR (this is including the Firefox libs). I think we
should consider extending that to the libssp we build in mingw-64, but I
didn't look into how to do that yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list