[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15138 [Applications/Quality Assurance and Testing]: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
#15138: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
-------------------------------------------------+-------------------------
Reporter: tom | Owner: boklm
Type: task | Status:
| assigned
Priority: Medium | Milestone:
Component: Applications/Quality Assurance and | Version:
Testing |
Severity: Normal | Resolution:
Keywords: tbb-security, tbb-testcase, | Actual Points:
ff38-esr, tbb-hardened, TorBrowserTeam201610 |
Parent ID: | Points:
Reviewer: | Sponsor:
| SponsorU
-------------------------------------------------+-------------------------
Comment (by boklm):
Commit 3178db78b764cdc6b731aaab6ef128d39af88369 is adding a test
`otool_PIE` which is using `otool -hv` to check that executables included
in the OSX bundle are PIE.
In Tor Browser 6.5a3, it reports that the following files are not PIE:
- Contents/MacOS/Tor/PluggableTransports/meek-client
- Contents/MacOS/Tor/PluggableTransports/obfs4proxy
- Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container
- Contents/MacOS/firefox
- Contents/Resources/webapprt-stub
- Contents/MacOS/updater.app/Contents/MacOS/updater
- Contents/MacOS/Tor/PluggableTransports/meek-client-torbrowser
We have ticket #20439 to fix the firefox binaries. The other files (meek-
client, meek-client-torbrowser, obfs4proxy) are `golang` programs. I will
add an exception for the `golang` programs, as the Go linker does not
support PIE according to
https://trac.torproject.org/projects/tor/ticket/10935#comment:13.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15138#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs