Opened 3 years ago

Last modified 20 months ago

#20955 new defect

Tor Browser memory hardening

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security
Cc: brade, mcs, gk, tom Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arthuredelstein)

Here's a parent ticket for memory hardening for Tor Browser.

See also notes at doc/TorBrowser/Hardening

Child Tickets

Ticket | Status | Owner | Summary | Component
#10281 | closed | arthuredelstein | Investigate usage of alternate memory allocators and memory hardening options | Applications/Tor Browser
#20957 | needs_revision | tbb-team | Get DieHarder working with Tor Browser | Applications/Tor Browser
#20998 | closed | tbb-team | Partition Tor Browser heap with jemalloc | Applications/Tor Browser
#21030 | new | tbb-team | Test integration of PartitionAlloc/HardenedPartitionAlloc in Tor Browser | Applications/Tor Browser

Change History (9)

comment:1 Changed 3 years ago by mcs

Cc: brade mcs added

comment:2 Changed 3 years ago by arthuredelstein

Description: modified (diff)

comment:3 Changed 3 years ago by gk

Cc: gk added

comment:4 Changed 3 years ago by gk

See: https://glandium.org/blog/?p=2848 for general requirements for a replacement library in Firefox.

comment:5 Changed 3 years ago by tom

Cc: tom added

comment:6 Changed 2 years ago by gk

FreeGuard entered the scene recently: https://arxiv.org/pdf/1709.02746.pdf (with comparisons of DieHarder and the OpenBSD allocator).

comment:7 in reply to: 4 Changed 2 years ago by cypherpunks

Keywords: tbb-security added

Replying to gk:

See: https://glandium.org/blog/?p=2848 for general requirements for a replacement library in Firefox.

It would be better to make Tor Browser ready for this on all platforms beforehand.

comment:8 Changed 2 years ago by cypherpunks

I'm a bit wary about using a memory allocator from a research paper. There are alternatives that are actively developed and regularly used in production systems, like OpenBSD malloc and Copperhead malloc. They also do not come with the risk of the authors not maintaining the source as they move on to another research project. Personally, I would very strongly recommend the Copperhead malloc, as it's an improvement over even the OpenBSD malloc in quite a few ways, and has some very interesting hardening techniques planned for the future.

comment:9 in reply to: 6 Changed 20 months ago by gk

Replying to gk:

FreeGuard entered the scene recently: https://arxiv.org/pdf/1709.02746.pdf (with comparisons of DieHarder and the OpenBSD allocator).

Code can be found on: https://github.com/UTSASRG/FreeGuard.
