[tor-bugs] #20322 [Applications/Tor Browser]: SafeSEH support for mingw-w64 for Tor Browser on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 10 13:27:35 UTC 2017
#20322: SafeSEH support for mingw-w64 for Tor Browser on Windows
-------------------------------------------------+-------------------------
Reporter: bugzilla | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201711, | Actual Points:
GeorgKoppen201711 |
Parent ID: #21777 | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:6 gk]:
> I did some digging and with our GCC-based toolchain this is tricky right
now.
Read comment:3. There is nothing tricky in adding one flag.
> Thus, it makes no sense to fix this bug right now for the current
toolchain.
Quite the opposite.
> There is a very real security benefit to this, mainly because it's so
easy for malware to corrupt the SEH chain. Once the SEH chain is
corrupted, it's typically very easy to cause an exception, at which point
the exception handling machinery will go and dispatch execution to the
handlers indicated in the chain. If a handler points into a DLL which
doesn't have NO-SEH or SAFESEH, execution will transfer to that address
without trouble.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20322#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list