[tor-bugs] #22563 [Applications/Tor Browser]: Many memory pages in tor.exe for Windows violate W^X
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 12 20:24:48 UTC 2017
#22563: Many memory pages in tor.exe for Windows violate W^X
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner:
| arthuredelstein
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: windows tor-client win32 tor-relay | Actual Points:
security hardening 031-backport, |
TorBrowserTeam201707 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
As you "have stolen" this ticket from Core Tor :), it should be noted that
the right fix for this bug is, as Jonathan Yong
[https://sourceforge.net/p/mingw-w64/discussion/723798/thread/2f2c014b/#e385/9720/259e
suggested], to "Use proper dllimport/dllexport in your code to avoid auto-
imports." To check that you should compile Tor with `--disable-auto-
import` for MinGW-w64.
Arthur could also make Firefox compile with `--disable-auto-import` (and
also explain Mozillians why not to use `-mnop-fun-dllimport`) and get
another one bounty ;)
In general, MinGW-w64 should remove `--enable-auto-import` by default,
because future releases of Windows can enforce security, and such tricks
will fail. Maybe, Arthur, might explain MinGW-w64 guys that they shouldn't
"fix" incompatible programs (by default at least) with this dirty hack,
which Arthur made much less dirty! (Ask for bounty from all
MinGW-w64-based software vendors ;)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22563#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list