[tor-bugs] #15138 [Tor Browser]: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 7 14:25:35 UTC 2015
#15138: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
--------------------------+------------------------------------------------
Reporter: tom | Owner: tom
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-security, TorBrowserTeam201504
Resolution: | Parent ID:
Actual Points: |
Points: |
--------------------------+------------------------------------------------
Comment (by cypherpunks):
Replying to [comment:8 tom]:
> As far as stack canaries go, it's possible to build a signature for them
and look at the executables to see if they have it, but I couldn't find
one for /GS (Visual Studio-compiled) binaries, so it's even less likely
one exists for gcc-for-windows cross-compiled binaries. I will try and
identify manually if this compiler option is missing as I get my build
machine back up and building, but as before, it's not as big a deal as
missing DEP or ASLR.
It's possible to detect stack protection for gcc-for-windows cross-
compiled binaries if libssp-0.dll was dynamically linked (like it does
TorBrowser for Windows), then binaries with protected functions imports
`__stack_chk_fail` and `__stack_chk_guard` from it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15138#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list