On 2017/7/9 14:06, Arthur D. Edelstein wrote:
> Hi, I am proposing a patch here to deal with a problem found in a
> cross-compiled Tor Browser and Tor Expert Bundle. Using VMMap on
> Windows, we observed Execute/Read/Write (XRW) and
> Execute/Copy-on-Write pages (X/COW) in some DLLs and the Tor
> executable, even though the .text sections for these binaries were
> marked with the Execute/Read-only (XR) flag. Obviously this is
> undesirable from a security viewpoint.

(... abridged ...)

I haven't tested your patch, but after a quick view of your patch (from the other mail) I shall vote for it because that is also what I do in my own implementation of runtime pseudo relocation, which obtains the size of memory areas to be unprotected or reprotected by querying the section table from the PE header, rather than calling `VirtualQuery()` after the memory is unprotected.

Furthermore, should the sizes of sections be obtained from the PE header, it is possible to unprotect all sections before performing the actual relocation, instead of checking whether the address has been marked writeable for each entry in the reloc table. The `the_secs` table is then initialized and never modified, eliminating the need to push elements into it inside `__write_memory()` by calling `mark_section_writable()`. This not only improves the performance of the entire process, but also simplifies the design.

--
Best regards,
LH_Mouse
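
The section-table approach described in this message, as an added example that is not part of the original e-mail or of the mingw-w64 runtime: it walks the PE section table once and records, per section, the range to unprotect and the protection to put back, so `.text` returns to execute/read instead of staying writable. The names `sec_plan`, `plan_sections`, `section_protect` and `build_sample` are hypothetical, the sample image is constructed, and the `VirtualProtect()` calls themselves are left out so the code builds on any host.

```c
#include <stdint.h>
#include <string.h>

/* Names and values as in winnt.h, defined locally so this builds on any host. */
#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_READ    0x40000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u
enum { PAGE_NOACCESS = 0x01, PAGE_READONLY = 0x02, PAGE_READWRITE = 0x04,
       PAGE_EXECUTE = 0x10, PAGE_EXECUTE_READ = 0x20, PAGE_EXECUTE_READWRITE = 0x40 };
struct sec_plan { char name[9]; uint32_t rva, size, restore; int unprotect; };

static uint32_t rd(const uint8_t *p, int n) {   /* little-endian read of n bytes */
    uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v;
}
/* Protection the section header declares, i.e. the value to restore afterwards. */
uint32_t section_protect(uint32_t ch) {
    int r = (ch & IMAGE_SCN_MEM_READ) != 0, w = (ch & IMAGE_SCN_MEM_WRITE) != 0;
    if (ch & IMAGE_SCN_MEM_EXECUTE)
        return w ? PAGE_EXECUTE_READWRITE : r ? PAGE_EXECUTE_READ : PAGE_EXECUTE;
    return w ? PAGE_READWRITE : r ? PAGE_READONLY : PAGE_NOACCESS;
}
/* Walk the section table once; returns the section count, or -1 if malformed. */
int plan_sections(const uint8_t *img, size_t len, struct sec_plan *out, int max) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    size_t pe = rd(img + 0x3C, 4);                      /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4)) return -1;
    int n = (int)rd(img + pe + 6, 2);                   /* NumberOfSections */
    size_t tab = pe + 24 + rd(img + pe + 20, 2);        /* skip optional header */
    if (n > max || tab > len || (len - tab) / 40 < (size_t)n) return -1;
    for (int i = 0; i < n; i++) {
        const uint8_t *s = img + tab + 40 * (size_t)i;
        uint32_t ch = rd(s + 36, 4);                    /* Characteristics */
        memcpy(out[i].name, s, 8); out[i].name[8] = '\0';
        out[i].size = rd(s + 8, 4);                     /* VirtualSize */
        out[i].rva = rd(s + 12, 4);                     /* VirtualAddress */
        out[i].restore = section_protect(ch);
        out[i].unprotect = !(ch & IMAGE_SCN_MEM_WRITE); /* already writable: skip */
    }
    return n;
}
/* Constructed sample: headers only, .text (execute/read) and .data (read/write). */
void build_sample(uint8_t b[0xA8]) {
    memset(b, 0, 0xA8); memcpy(b, "MZ", 2); b[0x3C] = 0x40;
    memcpy(b + 0x40, "PE\0\0", 4); b[0x46] = 2;   /* two sections, no optional header */
    memcpy(b + 0x58, ".text", 5); b[0x61] = 0x1A; b[0x65] = 0x10; b[0x7F] = 0x60;
    memcpy(b + 0x80, ".data", 5); b[0x89] = 0x02; b[0x8D] = 0x30; b[0xA7] = 0xC0;
}
```

A relocator built this way would make each `unprotect` range writable before processing the reloc table and apply `restore` to the same range afterwards.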


_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
