Re: [tor-bugs] #15138 [Tor Browser]: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#15138: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
--------------------------+------------------------------------------------
     Reporter:  tom       |      Owner:  tom
         Type:  defect    |     Status:  new
     Priority:  normal    |  Milestone:
    Component:  Tor       |    Version:
  Browser                 |   Keywords:  tbb-security, TorBrowserTeam201504
   Resolution:            |  Parent ID:
Actual Points:            |
       Points:            |
--------------------------+------------------------------------------------

Comment (by cypherpunks):

 Replying to [comment:8 tom]:
 > As far as stack canaries go, it's possible to build a signature for them
 and look at the executables to see if they have it, but I couldn't find
 one for /GS (Visual Studio-compiled) binaries, so it's even less likely
 one exists for gcc-for-windows cross-compiled binaries.  I will try and
 identify manually if this compiler option is missing as I get my build
 machine back up and building, but as before, it's not as big a deal as
 missing DEP or ASLR.

 It's possible to detect stack protection for gcc-for-windows cross-
 compiled binaries if libssp-0.dll was dynamically linked (like it does
 TorBrowser for Windows), then binaries with protected functions imports
 `__stack_chk_fail` and `__stack_chk_guard` from it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15138#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs