[tor-bugs] #13056 [Tor Browser]: Some stack canaries are still missing on Tor Browser binaries on Linux
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 7 11:33:59 UTC 2015
#13056: Some stack canaries are still missing on Tor Browser binaries on Linux
-----------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by cypherpunks):
{{{
libmozalloc.so
libnssckbi.so
libplc4.so
libplds4.so
}}}
Was any of those reported as protected for any previous versions?
`hardening-wrapper` (1.25) packaged for `lucid` using `-fstack-protector`
which can't cover any functions from those libs (it needs proof, but brief
reading code show that functions are small enough to be protected). If no
protected functions then no detection code compiled and no canaries
support reported.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13056#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list