[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20322 [Applications/Tor Browser]: SafeSEH support for mingw-w64 for Tor Browser on Windows

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #20322 [Applications/Tor Browser]: SafeSEH support for mingw-w64 for Tor Browser on Windows
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 10 Dec 2017 13:27:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 10 Dec 2017 08:27:47 -0500
In-reply-to: <048.523a1cfaf15b166cf4feefadf5589bc7@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.523a1cfaf15b166cf4feefadf5589bc7@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20322: SafeSEH support for mingw-w64 for Tor Browser on Windows
-------------------------------------------------+-------------------------
 Reporter:  bugzilla                             |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201711,  |  Actual Points:
  GeorgKoppen201711                              |
Parent ID:  #21777                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:6 gk]:
 > I did some digging and with our GCC-based toolchain this is tricky right
 now.
 Read comment:3. There is nothing tricky in adding one flag.
 > Thus, it makes no sense to fix this bug right now for the current
 toolchain.
 Quite the opposite.
 > There is a very real security benefit to this, mainly because it's so
 easy for malware to corrupt the SEH chain. Once the SEH chain is
 corrupted, it's typically very easy to cause an exception, at which point
 the exception handling machinery will go and dispatch execution to the
 handlers indicated in the chain. If a handler points into a DLL which
 doesn't have NO-SEH or SAFESEH, execution will transfer to that address
 without trouble.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20322#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #23881 [Core Tor/Tor]: Implement a way to utilise tor's logging system from Rust code
Next by Author: Re: [tor-bugs] #22990 [Metrics/Library]: Add a heartbeat log message indicating progress and estimated time left
Previous by thread: Re: [tor-bugs] #20688 [Webpages/Website]: OpenBSD missing from systems that 'work best' with relays
Next by thread: [tor-bugs] #24574 [Webpages/Website]: Use English "singular they" at a few places
Index(es):
- Author
- Thread