Re: [tor-bugs] #22267 [Applications/Tor Browser]: Windows build of esr52 Tor Browser has no relocs, SSP and DEP/ASLR flags (was: Windows build of esr52 Tor Browser has no DEP/ASLR)

[Tor Bug Tracker & Wiki]

#22267: Windows build of esr52 Tor Browser has no relocs, SSP and DEP/ASLR flags
-------------------------------------------------+-------------------------
 Reporter:  boklm                                |          Owner:  boklm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  TorBrowserTeam201705R, tbb-          |  Actual Points:
  security, ff52-esr, tbb-7.0-must               |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by cypherpunks):

 * severity:  Normal => Major


Comment:

 It has DEP, because you are using SetProcessDEPPolicy(), but it can't even
 be forced into ASLR without the .reloc section. (Checking real
 availability of mitigations, and not only flags, would be neat.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22267#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs