[tor-bugs] #10512 [Tor bundles/installation]: Firefox.exe doesn't have DEP enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 19 17:42:15 UTC 2014 

#10512: Firefox.exe doesn't have DEP enabled
------------------------------------------+-------------------------------
     Reporter:  bastik                    |      Owner:  erinn
         Type:  defect                    |     Status:  needs_information
     Priority:  normal                    |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  tbb-security
Actual Points:                            |  Parent ID:  #10065
       Points:                            |
------------------------------------------+-------------------------------

Comment (by bastik):

 Replying to [comment:5 gk]:
 > bastik: How did you test whether DEP was enabled for firefox.exe in TBB
 3.5? The Process Explorer shows "DEP (permanent)" for the one in TBB 3.5
 as well.

 Last time I checked with the default taskmanager and DEP was enabled. I
 use(d) EMET to make every program use DEP, unless it opts-out. Today I
 tried with DEP opt-in and DEP is used for Firefox and TorBrowser as shown
 by the default taskmananger and Process Explorer. The latter shows "DEP
 permanent".

 Back then I used some ancient version of PEStudio to see if it had DEP
 enabled. Maybe I checked with CFF Explorer, too. Today I checked Firefox
 and TorBrowser (3.5.2, the most ancient version I had around) with CFF
 Explorer 8 (VIII) and PEStudio 8.29. Both tell me that Firefox supports
 DEP and TorBrowser not.

 CFF says under NT Headers > Optional Headers > "DLL Characteristics" >
 "Image is NX-compatible" without a checkmark for TorBrowser, but with
 checkmark for Firefox.

 PEStudio changed the interface since I used it. Previously its GUI had a
 star for that. (Star if supported, no star if supported.) Now it writes
 "The image ignores Data Execution Prevention (DEP) as Mitigation
 technique"for TorBrowser and "The image uses Data Execution Prevention
 (DEP) as Mitigation technique" for Firefox.

 Either the two tools are not functioning correctly, maybe because the
 build-process is removing header information or DEP is not functioning. My
 **guess** is that the build-process makes the binary look strange, what
 confuses the tools.

 I have no idea how to test if DEP is actually working, beside writing
 exploit code that relies on DEP to fail or not be present.

 If someone can confirm that DEP is working and/or that the build-process
 is responsible for that (binary looking strange), then this ticket is
 meaningless. Maybe it should be documented, then.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10512#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list