[tor-bugs] #12968 [Applications/Tor Browser]: Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 27 17:38:24 UTC 2018


#12968: Specify HEASLR (High Entropy Address Space Layout Randomization) in
MinGW-w64
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-rbm, ff60-esr,     |  Actual Points:
  TorBrowserTeam201806, boklm201806              |
Parent ID:  #24631                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by sukhbir):

 As an update, I have been trying to build and find a solution for this
 with boklm's changes above, and it fails with a similar error to the one
 boklm had.

 As per the `ffmpeg` commit, they apply `--image-base,0x140000000` to get a
 higher entropy for HEASLR. Since that is not working for us, how about we
 just go with `-Wl,--high-entropy-va` for now till we find a solution?

 There are other "solutions", that use `-Wl,--image-base,0x10000000`
 instead (and rebase the address later?) and that seems to work, for the
 build and for the final EXE as well. However, this comes with its own set
 of caveats: https://www.cygwin.com/ml/cygwin-apps/2013-05/msg00134.html is
 the thread that talks about this.

 For inspecting the binary, as per https://bugs.debian.org/cgi-
 bin/bugreport.cgi?bug=836365, I inspected both with `-Wl,--image-
 base,0x10000000` and `-Wl,--high-entropy-va`:

 {{{
 $ readpe firefox.exe | grep DLL
 DLL characteristics:             0x160
 }}}

 Indicates that HEASLR was applied in both cases, so if anything, we lose
 out on the extra entropy?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12968#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list