[tor-bugs] #22267 [Applications/Tor Browser]: Windows build of esr52 Tor Browser has no relocs, SSP and DEP/ASLR flags (was: Windows build of esr52 Tor Browser has no DEP/ASLR)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat May 20 17:41:49 UTC 2017


#22267: Windows build of esr52 Tor Browser has no relocs, SSP and DEP/ASLR flags
-------------------------------------------------+-------------------------
 Reporter:  boklm                                |          Owner:  boklm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  TorBrowserTeam201705R, tbb-          |  Actual Points:
  security, ff52-esr, tbb-7.0-must               |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by cypherpunks):

 * severity:  Normal => Major


Comment:

 It has DEP, because you are using SetProcessDEPPolicy(), but it can't even
 be forced into ASLR without the .reloc section. (Checking real
 availability of mitigations, and not only flags, would be neat.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22267#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list