Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Since Go 1.15: Go now generates Windows ASLR executables by default.
 ticket:29694#comment:4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Since Go 1.14: Go binaries on Windows now have DEP (Data Execution
 Prevention) enabled.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Since Go 1.13: The Windows version specified by internally-linked Windows
 binaries is now Windows 7 rather than NT 4.0.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 `obfs4proxy.exe` is a legacy `/SUBSYSTEM:CONSOLE,4.0` app without `.reloc`
 section, running in a virtualized,  "Windows NT 4.0"-compatible mode (as
 `tor.exe).

 https://github.com/golang/go/issues/27144 and
 https://github.com/golang/go/issues/27583

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Closed #16417 as a duplicate for this more specific one. Yawning's
 comment, however is probably still valid:
 {{{
 Anything that's Go based won't ever have either, because the upstream Go
 maintainers place way too much faith in their compiler and runtime to
 allow for such things. I think this is shortsighted and stupid (Golang
 binaries are also statically linked so ASLR seems somewhat less useful).
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, tbb-security |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 For posterity here comes the 32bit output
 {{{
 Checking obfs4proxy.exe for /DYNAMICBASE... FAIL
 Checking obfs4proxy.exe for /NXCOMPAT... FAIL
 Checking obfs4proxy.exe for /SAFESEH... FAIL
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31716 [Applications/Tor Browser]: Harden obfs4proxy.exe shipped with Tor Browser

[Tor Bug Tracker & Wiki]

#31716: Harden obfs4proxy.exe shipped with Tor Browser
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-rbm, tbb-
  |  security
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Right now we have something like
 {{{
 Checking obfs4proxy.exe for /DYNAMICBASE... FAIL
 Checking obfs4proxy.exe for /NXCOMPAT... FAIL
 Checking obfs4proxy.exe for /SAFESEH... PASS
 Checking /obfs4proxy.exe ImageBase (0x40 < 4GB)... FAIL
 }}}
 for 64bit versions and a similar output for 32bit ones. We should get rid
 of the `FAIL`s.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs