[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10514 [Tor]: Add bufferoverflow protection to Tor



#10514: Add bufferoverflow protection to Tor
-----------------------------+--------------------------------
     Reporter:  bastik       |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  major        |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by bastik):

 Usually I used an alternate TaskMananger to check if a running process
 would have DEP and ASLR enabled, but some when I came across "PeStudio"
 which analyzes the PE header of a binary without executing it.

 I used on outdated version of "PeStudio" which showed the following
 indicator for Tor.exe (from the TorBrowserBundle 3.5, but also for Tor.exe
 from the Vidalia Bridge Bundle):

 "The image does NOT use Cookies placed on the Stack (GS) as Mitigation
 technique"

 I'm not sure what the course of action is and I assumed that this would be
 a technique that works on all major platforms.

 The windows resource for this are:
 - http://msdn.microsoft.com/en-us/library/8dbf701c.aspx
 - http://technet.microsoft.com/en-us/library/ee672187.aspx (BinScope does
 not work for me, only errors, but it i s totally outdated as it would
 seem.)

 From an article "GS compiler switch is a cookie which is placed in between
 the buffer and return address." (http://www.ksyash.com/2011/01/buffer-
 overflow-protection-3/)

 I know that Tor uses defense-in-depth for various things, but not how well
 everything works.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10514#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs