Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries

2019-12-09 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  needs_information => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries

2019-09-12 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 Another one since esr68 is `liblgpllibs.so`. I guess part of this ticket
 is to figure first out which of the errors are actually false positives
 and which need to get addressed. We can then file new tickets for the
 latter and adapt our test tools accordingly.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries

2019-05-09 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by boklm):

 From https://wiki.debian.org/HardeningWalkthrough:

 Stack Protected: When an executable was built without any character
 arrays being allocated on the stack, this check will lead to false alarms
 (since there is no use of stack_chk_fail, even though it was compiled with
 the correct options.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries

2019-05-09 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by boklm):

 The current list of binaries that we skip in our `readelf_stack_canary`
 test is:
 {{{
 abicheck
 gtk2/libmozgtk.so
 libmozalloc.so
 libmozgtk.so
 libnssckbi.so
 libplc4.so
 libplds4.so
 TorBrowser/Tor/libstdc++/libstdc++.so.6
 TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so
 TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so
 TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so
 TorBrowser/Tor/PluggableTransports/fte/cDFA.so
 TorBrowser/Tor/PluggableTransports/meek-client-torbrowser
 TorBrowser/Tor/PluggableTransports/twisted/python/_initgroups.so
 TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so
 TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so
 
TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so
 TorBrowser/Tor/PluggableTransports/meek-client
 TorBrowser/Tor/PluggableTransports/obfs4proxy
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries

2017-09-19 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 Replying to [comment:21 cypherpunks]:
 > Shouldn't you pass SSP flags to `DLLFLAGS` to get it working with NSS,
 like in https://gitweb.torproject.org/builders/tor-browser-
 build.git/tree/projects/firefox/build#n77?

 This issue happens on Linux, so it seems that `DLLFLAGS` won't help us
 here. Or are you referring to comment:12?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries (was: Some stack canaries are still missing on Tor Browser binaries on Linux)

2017-09-18 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by cypherpunks):

 * status:  new => needs_information


Comment:

 Shouldn't you pass SSP flags to `DLLFLAGS` to get it working with NSS,
 like in https://gitweb.torproject.org/builders/tor-browser-
 build.git/tree/projects/firefox/build#n77?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries on Linux

2017-05-12 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries on Linux
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by boklm):

 In ESR52 builds, `libmozsandbox.so` is also missing stack canaries.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries on Linux

2016-12-12 Thread Tor Bug Tracker & Wiki 
#13056: Some stack canaries are still missing on Tor Browser binaries on Linux
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)
 * severity:   => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs