Opened 4 years ago

Last modified 3 months ago

#8918 reopened defect

Windows paging file contains Tor Browser Bundle filename

Reported by: runa
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-disk-leak
Cc: runa
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the Windows paging file, C:\pagefile.sys, contains the filename for the Tor Browser Bundle executable.

Change History (6)

comment:1 Changed 4 years ago by runa

  • Keywords tbb-disk-leak added

comment:2 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:3 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team

comment:4 Changed 16 months ago by bugzilla

  • Keywords tbb-disk-traces added; tbb-disk-leak needs-triage removed
  • Resolution set to invalid
  • Severity set to Normal
  • Status changed from new to closed

Are you really going to run TBB in non-paged memory only? Madness...

comment:5 follow-up: Changed 16 months ago by gk

  • Keywords tbb-disk-leak added; tbb-disk-traces removed
  • Resolution invalid deleted
  • Status changed from closed to reopened

Please, don't invent new keywords out of the box and don't close tickets even if there is no obvious workaround or fix imaginable at the moment. Thanks.

comment:6 in reply to: ↑ 5 Changed 3 months ago by cypherpunks

Replying to gk:

> Please, don't invent new keywords out of the box and don't close tickets even if there is no obvious workaround or fix imaginable at the moment. Thanks.

Unless you encrypt all of Firefox's memory with an encryption key, and put that encryption key in non-paged memory, then you're not going to be able to keep all of Firefox off of the disk. Imagine how bad the performance hit for that would be! Forget the filename for the executable, everything in memory for Firefox is eligible to be paged out to the disk. Just like Linux's mlock(), Windows' VirtualLock() imposes a limit on how many pages you are allowed to lock per process. If Windows is anything at all like Linux in how it handles locked, non-paged memory (which I believe), I would have closed this ticket too.

The real solution for Windows for the stated threat model is to run this in cmd.exe, running as Administrator, in order to encrypt the paging file with a key stored in memory:

fsutil behavior set EncryptPagingFile 1
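
The finding in the description can be checked on an offline copy of the paging file (pagefile.sys is locked while Windows is running). The following is an added example, not part of this ticket or of any Tor Project tooling: it scans a binary image for a filename in both ASCII and UTF-16LE, handling matches that straddle read boundaries. The sample name and sample image are constructed placeholders.

```python
import io

SAMPLE_NAME = "Example Browser.exe"  # constructed placeholder, not from the ticket

def needle_variants(filename):
    """Byte patterns for the name: ASCII and UTF-16LE (Windows wide strings)."""
    return {"ascii": filename.encode("ascii"),
            "utf-16le": filename.encode("utf-16-le")}

def scan_stream(stream, filename, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for filename in a binary stream.

    Reads fixed-size chunks and carries the last (longest needle - 1) bytes
    forward, so a name straddling a chunk boundary is found, and found once.
    """
    needles = needle_variants(filename)
    overlap = max(len(n) for n in needles.values()) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return sorted(hits)
        window = tail + chunk
        for enc, needle in needles.items():
            pos = window.find(needle)
            while pos != -1:
                hits.add((base + pos, enc))  # set de-duplicates overlap hits
                pos = window.find(needle, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[len(window) - keep:]

def build_sample_image():
    """Constructed stand-in for an offline pagefile copy with two planted names."""
    wide = SAMPLE_NAME.encode("utf-16-le")
    narrow = SAMPLE_NAME.encode("ascii")
    return b"\x00" * 100 + wide + b"\xff" * 500 + narrow + b"\x00" * 64

if __name__ == "__main__":
    for offset, enc in scan_stream(io.BytesIO(build_sample_image()), SAMPLE_NAME):
        print(f"0x{offset:08x}  {enc}")
```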
