Opened 5 years ago

Closed 5 years ago

#13556 closed defect (invalid)

our ASLR is apparently not properly enabled

Reported by: erinn Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: tom@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by erinn)

According to someone on twitter who just investigated my claim that Tor Browser was ASLR-enabled, this is not actually true. They took a screenshot with VMMap Sysinternals which I've attached.

I'm not sure when I'll be able to look into this -- hopefully this weekend. It would be great if someone else could figure out what's going on. I'm not able to access the Windows VM at the moment, but I looked through the objdump output of the DLLs and they seemed fine to me, but clearly something is missing.

Marking this is major since it's bad if true. Adding Tom Ritter since he might be able to help.

Child Tickets

Attachments (3)

B0rNkAhCcAIcx5h.png:large (183.3 KB) - added by erinn 5 years ago.
aslr-tor.exe.png (31.5 KB) - added by erinn 5 years ago.
aslr-firefox.exe.png (33.6 KB) - added by erinn 5 years ago.

Download all attachments as: .zip

Change History (7)

Changed 5 years ago by erinn

Attachment: B0rNkAhCcAIcx5h.png:large added

comment:1 Changed 5 years ago by erinn

Description: modified (diff)

comment:2 Changed 5 years ago by tom

Thanks Erinn! I replied on twitter that I could not replicate using TBB 4.0 & SysInternals: http://i.imgur.com/Zoid9tO.png

I'm not sure if I'm misunderstanding the tooling here, we have crossed versions, or something else.

Using VMMap on both firefox.exe and tor.exe shows all 'Images' as ASLR. (Again for 4.0)

Last edited 5 years ago by tom (previous) (diff)

comment:3 Changed 5 years ago by erinn

I checked for myself and I can confirm everything is ASLR-enabled. Adding my own screenshots too.

Changed 5 years ago by erinn

Attachment: aslr-tor.exe.png added

Changed 5 years ago by erinn

Attachment: aslr-firefox.exe.png added

comment:4 Changed 5 years ago by erinn

Resolution: invalid
Status: newclosed

And now closing.

Note: See TracTickets for help on using tickets.