Re: [tor-bugs] #4152 [Core Tor/Tor]: Implement Bottom Up Randomization (Windows platform)



#4152: Implement Bottom Up Randomization (Windows platform)
-------------------------------------------------+-------------------------
 Reporter:  bastik                               |          Owner:  tom
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay windows hardening aslr     |  Actual Points:
  security                                       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:10 tom]:
 > Replying to [comment:9 cypherpunks]:
 > > The correct implementation has already been written in
 > > https://blog.didierstevens.com/2012/03/29/update-se_aslr-version-0-0-0-2/
 > > (Usually TBB Team makes hardening on Windows, but if you make it for
 > > Tor and TBB, it would be great. :)
 >
 > My reading of
 > https://blogs.technet.microsoft.com/srd/2013/12/11/software-defense-mitigating-common-exploitation-techniques/
 > is that this technique is used by default in Windows 8+ if you turn on
 > ASLR. So adding the code manually would improve the situation on
 > Windows 7; but would probably just eat memory (although this may not be
 > a real problem) on anything above that.

 As you like this doc, please think about Force ASLR for TBB. But your
 worries about the code may be applied to old implementations only (Firefox
 uses that pseudo-ASLR in its pseudo-sandbox from pseudo-google:
 https://dxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/process_mitigations.cc#302).
 See the research of Didier Stevens in the articles subsequent to the one
 in the description. The version in comment:9 includes all his findings. The
 EMET SHIM DLL also uses something similar with no problems.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4152#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online