[tor-bugs] #22660 [Core Tor/Tor]: Guard against stack smashing attacks in tor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 29 15:51:24 UTC 2017
#22660: Guard against stack smashing attacks in tor
-------------------------------------------------+-------------------------
Reporter: teor | Owner: nickm
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hardening, security, | Actual Points:
029-backport, 030-backport, 031-backport, |
review-group-19 |
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by dgoulet):
* status: needs_review => needs_revision
Comment:
I do also get `/usr/bin/ld: warning: -z noexecheap ignored.` quite a bit.
I think it's because it simply doesn't exist on my system. I can't find
that `noexecheap` in the man page ld.1. According to
https://www.owasp.org/index.php/C-Based_Toolchain_Hardening#GCC.2FBinutils,
it was added in binutils 2.14 but I'm on 2.28... I've looked through the
source code of binutils package and I can't find that `noexecheap` string
so it might have been removed?...
Maybe `TOR_CHECK_LDFLAGS()` doesn't fully detect the "ignored parameter"
because it's not an "error"? dunno
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22660#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list