[Pidgin] #17342: Windows Pidgin builds suffer from broken ASLR

Pidgin trac at pidgin.im
Mon Sep 17 12:20:05 EDT 2018


#17342: Windows Pidgin builds suffer from broken ASLR
--------------------+---------------------------
 Reporter:  DrWhax  |      Owner:
     Type:  defect  |     Status:  new
Milestone:          |  Component:  pidgin (gtk)
  Version:  2.13.0  |   Keywords:  security aslr
--------------------+---------------------------
 Hi,

 I was battling with mingw-w64 for pidgin-otr and came across this cmu.edu
 blogpost about it: https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-
 not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html

 When looking at the last screenshot(@olabini pointed me to it), it shows
 Pidgin suffers from the relocation table issue.

 After running the python script link I can say that the latest Pidgin 2.13
 release still suffers from broken ASLR.

 {{{
 python checkaslr.py pidgin/
 Crawling root directory: /home/user/QubesIncoming/personal1/ ...
 The following files are linked with /DYNAMICBASE, but may not be
 compatible with ASLR:
 /home/user/xxx/pidgin-2.13.0.exe : 0x400000
 }}}

 Mitigation is listed in the blogpost by cmu.edu

--
Ticket URL: <https://developer.pidgin.im/ticket/17342>
Pidgin <https://pidgin.im>
Pidgin


More information about the Tracker mailing list