[tor-bugs] #2358 [Tor Client]: Windows ASLR is not enabled for tor.exe, and DEP should be forced
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jan 6 23:40:10 UTC 2011
#2358: Windows ASLR is not enabled for tor.exe, and DEP should be forced
-------------------------+--------------------------------------------------
Reporter: special | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
-------------------------+--------------------------------------------------
To mitigate the potential impact of vulnerabilities, the Tor executable
for Windows should be built with support for Address Space Layout
Randomization. See http://www.ziki.com/fr/gcouprie+37899/post/enable-dep-
and-aslr-with-mingw+10897502 for a potentially dated explanation of how
this could be done for MinGW.
Additionally, Tor should permanently enable DEP by calling
[http://msdn.microsoft.com/en-us/library/bb736299(v=VS.85).aspx
SetProcessDEPPolicy] at startup. By default, non-server versions of
Windows only apply DEP to processes that opt-in with this call, and it
prevents the possibility of malicious code causing the process to opt out.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2358>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list