[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 07 Jan 2011 05:42:19 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Jan 2011 00:42:28 -0500
In-reply-to: <047.f95cc51cef591ccd891532ad34c27f01@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.f95cc51cef591ccd891532ad34c27f01@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2358: Windows ASLR is not enabled for tor.exe, and DEP should be forced
-------------------------+--------------------------------------------------
 Reporter:  special      |       Owner:                    
     Type:  enhancement  |      Status:  needs_review      
 Priority:  normal       |   Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client   |     Version:                    
 Keywords:               |      Parent:                    
-------------------------+--------------------------------------------------

Comment(by special):

 I can't find a clear answer on this; ASLR is definitely enabled for the
 executable's address with this patch, but DLLs that don't have dynamicbase
 set may not be randomized. That must happen while building the DLL. It
 would probably be worth putting similar logic into libevent, and perhaps
 openssl, to prevent exploits from leveraging those to gain some sort of
 access.

 From my understanding, after this patch, the most important parts (Tor
 itself, and all system DLLs used by Tor) will be randomized.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2358#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
Next by Author: Re: [tor-bugs] #2345 [Tor Relay]: Total Traffic via GETINFO
Previous by thread: Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
Next by thread: Re: [tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
Index(es):
- Author
- Thread