Opened 18 months ago

Closed 18 months ago

Last modified 16 months ago

#29081 closed defect (fixed)

libwinpthread.dll has no ASLR

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-rbm, TorBrowserTeam201901R, GeorgKoppen201901, tbb-backported
Cc: boklm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Daniel Paesa reported that our libwinpthread library has no ASLR. We should fix that (and make it DEP as well, while we are at it).

This is obsolete once we moved to our new toolchain but it take some time until we have converted all relevant projects to it...

Child Tickets

Change History (6)

comment:1 Changed 18 months ago by gk

Keywords: TorBrowserTeam201901R added; TorBrowserTeam201901 removed
Status: newneeds_review

bug_29081 ( has a patch for review. I tested that the flags are right now both for i686 and x86_64 and that the library is still built reproducibly.

It's a bit sad that we can't use [% c("var/LDFLAGS") %] easily here and thus have to duplicate the flags. But I guess that's okay for now as we are moving to mingw-w64/clang anyway.

comment:2 Changed 18 months ago by watt

libwinpthread.dll? What is it still doing in Tor?

comment:3 Changed 18 months ago by boklm

Keywords: tbb-backport added
Resolution: fixed
Status: needs_reviewclosed

This looks good to me. I merged this patch to master as commit 358b3b15be6c35810b166625c9331d6ef5071bee.

I am also adding the tbb-backport keyword.

comment:4 Changed 18 months ago by watt

Tor doesn't use it! And where is --high-entropy-va?

comment:5 Changed 16 months ago by gk

Keywords: tbb-backport, tbb-security, tbb-rbm, TorBrowserTeam201901R, GeorgKoppen201901tbb-security, tbb-rbm, TorBrowserTeam201901R, GeorgKoppen201901, tbb-backport

comment:6 Changed 16 months ago by gk

Keywords: tbb-backported added; tbb-backport removed

Picking this up for 8.0.x with commit 2da5df458e3aa88a578210a1dc22a46387e39fba on maint-8.0.

Note: See TracTickets for help on using tickets.