Opened 3 years ago

#22315 new enhancement

Make use of interceptor to protect memory on Windows (spin-off from #12426)

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Component: Applications/Tor Browser
Severity: Normal
Keywords: tbb-security

Description

Add EnableLowFragmentationHeap(), modified from https://dxr.mozilla.org/mozilla-esr24/source/ipc/chromium/src/base/process_util_win.cc#867

It was an old approach from Google that couldn't be applied, because it was single-threaded and led to: https://blogs.msdn.microsoft.com/oldnewthing/20110701-00/?p=10273/
So they added just https://chromium.googlesource.com/chromium/src/+/e4adea20236d1cee76f0c61798b1613e07a7f4c1/chrome/app/chrome_exe_main_win.cc#113 from a well-known approach http://microsoft.public.vsnet.general.narkive.com/vkWRTQaL/low-fragmentation-heap, but with that test https://chromium.googlesource.com/chromium/src/+/95b42e2745a2380a16112a059bd0e842d81f0c0a/base/process_util_unittest.cc#377
So you can add Chromium's solution as a fast and easy fix (as in #12426), but for the default heap only.

A more general approach is to use an interceptor for LFH, bottom-up ASLR and other mitigations on every relevant memory allocation:
https://github.com/promised-lu/MemoryProtection/blob/master/MemoryProtection/MemoryProtection.cxx

Child Tickets

Change History (0)
