Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
#2358: Windows ASLR is not enabled for tor.exe, and DEP should be forced
-------------------------+--------------------------------------------------
Reporter: special | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
-------------------------+--------------------------------------------------
Comment(by special):
I can't find a clear answer on this; ASLR is definitely enabled for the
executable's address with this patch, but DLLs that don't have dynamicbase
set may not be randomized. That must happen while building the DLL. It
would probably be worth putting similar logic into libevent, and perhaps
openssl, to prevent exploits from leveraging those to gain some sort of
access.

From my understanding, after this patch, the most important parts (Tor
itself, and all system DLLs used by Tor) will be randomized.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2358#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online