Opened 6 years ago

Closed 2 years ago

#10514 closed enhancement (worksforme)

Add buffer overflow protection to Tor

Reported by: bastik
Owned by:
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client 024-backport 023-backport
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

It appears like Tor.exe is not compiled with buffer overflow protection enabled.

https://en.wikipedia.org/wiki/Buffer_overflow_protection

Please just enable them.

Change History (7)

comment:1 Changed 6 years ago by nickm

Milestone: Tor: 0.2.4.x-final
Priority: normal → major

Is this something to do in our compiler options, or while building? We really ought to be doing all our bundles with --enable-gcc-hardening (on by default). Does that not include some option that it should on Windows?

comment:2 Changed 6 years ago by bastik

Usually I used an alternate task manager to check if a running process would have DEP and ASLR enabled, but at some point I came across "PeStudio", which analyzes the PE header of a binary without executing it.

I used an outdated version of "PeStudio" which showed the following indicator for Tor.exe (from the TorBrowserBundle 3.5, but also for Tor.exe from the Vidalia Bridge Bundle):

"The image does NOT use Cookies placed on the Stack (GS) as Mitigation technique"

I'm not sure what the course of action is and I assumed that this would be a technique that works on all major platforms.

The Windows resources for this are:

From an article "GS compiler switch is a cookie which is placed in between the buffer and return address." (http://www.ksyash.com/2011/01/buffer-overflow-protection-3/)

I know that Tor uses defense-in-depth for various things, but not how well everything works.

comment:3 Changed 6 years ago by bastik

PeStudio also tells me "The image does NOT use Code Integrity", not sure how important that would be.

comment:4 Changed 6 years ago by nickm

Keywords: tor-client 024-backport 023-backport added
Milestone: Tor: 0.2.4.x-final → Tor: 0.2.5.x-final

As soon as somebody gets this working under mingw, I say we backport it everywhere.

comment:5 Changed 6 years ago by cypherpunks

GCC has no GS compiler switch. GS is used by MSVC.
Tor supports GCC's Stack Smashing Protector if built with MinGW.

comment:6 Changed 5 years ago by nickm

Milestone: Tor: 0.2.5.x-final → Tor: unspecified

Assuming that we're built with GCC (and we are), we're using GCC's SSP code, which is the equivalent. If we ever support MSVC as an official build platform, we should add code to turn this on.

comment:7 Changed 2 years ago by nickm

Resolution: worksforme
Severity: Normal
Status: new → closed
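
The header checks discussed in this ticket, as an added example that is not part of the ticket or of Tor's code: it reads the DllCharacteristics bits behind the DEP, ASLR and Code Integrity indicators and looks for the `__stack_chk_fail` reference left by GCC's SSP, which an MSVC-specific GS indicator does not cover. The names `pe_mitigations` and `build_sample` and the sample bytes are constructed for the illustration, and the string search is a heuristic.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "Code Integrity (FORCE_INTEGRITY)": 0x0080,
    "DEP (NX_COMPAT)": 0x0100,
}
# Symbol referenced by code built with GCC's -fstack-protector family.
SSP_MARKER = b"__stack_chk_fail"


def pe_mitigations(image: bytes) -> dict:
    """Report header-level mitigations of a PE image without executing it."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip "PE\0\0" and the 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    report = {name: bool(chars & bit) for name, bit in FLAGS.items()}
    # Heuristic: an SSP build references __stack_chk_fail (import or symbol).
    # A stripped, statically linked binary may hide it, so False is not proof.
    report["GCC SSP marker"] = SSP_MARKER in image
    return report


def build_sample(chars: int, extra: bytes = b"") -> bytes:
    """Constructed minimal PE32 header for the demo; not a real Tor binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + coff + bytes(opt) + extra


if __name__ == "__main__":
    hardened = build_sample(0x0140, b"\0__stack_chk_fail\0")
    for name, present in pe_mitigations(hardened).items():
        print(f"{name}: {'yes' if present else 'no'}")
```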