Re: [tor-bugs] #15138 [Tor Browser]: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
#15138: Investigate TBB 4.5 hardening (e.g. DEP/ASLR) on all Platforms
--------------------------+------------------------------------------------
Reporter: tom | Owner: tom
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: TorBrowserTeam201503, tbb-security
Resolution: | Parent ID:
Actual Points: |
Points: |
--------------------------+------------------------------------------------
Comment (by tom):
++gk
I have some builds going to try and figure out if it will be easy to
enable the stack smashing flags.
The hardening-check tool on Linux (part of hardening-includes on
Debian/Ubuntu) can be used to do some stuff automatically.
https://wiki.debian.org/HardeningWalkthrough#Testing_your_packages_after_conversion
A one-liner is:
{{{
# Run hardening-check (quiet mode) on every ELF file below the current directory
hardening-check -q ` find . | xargs -- file | \grep ELF | cut -d " " -f 1 |
  sed 's/://' | tr '\n' ' ' `
}}}
I used it to double-check the tor-qa test results (at
http://test-reports.tbb.torproject.org/reports/r/4.5a4-build3-Fedora20-x86_64/ ), and
they agree. I think the Pluggable Transports can be whitelisted as being
expected to fail the stack canary and RELRO tests.
To be redundant, it yielded the following warnings (identical on x32 and
x64). While having the stack smashing protection would be nice, I believe
that to exploit a stack smash you would also need to bypass ASLR. (There
may be another way, but nothing is coming to mind immediately.)
{{{
./Browser/libmozalloc.so:
Stack protected: no, not found!
./Browser/libnssckbi.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/libplc4.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/libplds4.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/libsmime3.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/libstdc++.so.6:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
}}}
And the following known PT stuff:
{{{
./Browser/TorBrowser/Tor/PluggableTransports/fte/cDFA.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_CAST.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_AES.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES3.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so:
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_Blowfish.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC2.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD2.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD4.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_RIPEMD160.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/meek-client-torbrowser:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so:
Stack protected: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/twisted/python/sendmsg.so:
Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/twisted/python/_initgroups.so:
Stack protected: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so:
Stack protected: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/obfs4proxy:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so:
Stack protected: no, not found!
./Browser/TorBrowser/Tor/PluggableTransports/meek-client:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15138#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
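
The whitelisting idea from the comment above, as an added example that is not part of the original post or of the Tor Project's tooling: a filter that splits hardening-check findings into expected and unexpected ones. The allowlist (the PluggableTransports path prefix plus the stack canary and RELRO checks) is an assumption read off the comment, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example. Allowlist values are assumptions read off the comment above.
ALLOW_PREFIX="./Browser/TorBrowser/Tor/PluggableTransports/"
ALLOW_CHECKS="Stack protected,Read-only relocations"

# triage_hardening MODE   (MODE is "unexpected" or "expected")
# Reads hardening-check output on stdin, prints "path<TAB>failed check".
triage_hardening() {
    awk -v mode="$1" -v prefix="$ALLOW_PREFIX" -v checks="$ALLOW_CHECKS" '
        BEGIN { n = split(checks, c, ","); for (i = 1; i <= n; i++) ok[c[i]] = 1 }
        # A line ending in ":" names the file the following findings belong to.
        /:$/ { path = substr($0, 1, length($0) - 1); next }
        # Findings look like "Stack protected: no, not found!"
        /: no,/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            check = substr(line, 1, index(line, ": no,") - 1)
            allowed = (index(path, prefix) == 1 && (check in ok))
            if ((mode == "expected") == allowed) print path "\t" check
        }'
}

# Sample input: a few entries copied from the report in the comment above.
sample_report() {
    cat <<'EOF'
./Browser/libmozalloc.so:
 Stack protected: no, not found!
./Browser/libsmime3.so:
 Fortify Source functions: no, only unprotected functions found!
./Browser/TorBrowser/Tor/PluggableTransports/obfs4proxy:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!
EOF
}

# Findings that still need attention after the allowlist is applied.
sample_report | triage_hardening unexpected
```

On a real bundle, pipe the output of the hardening-check one-liner into `triage_hardening unexpected` in place of `sample_report`; the PIE and immediate-binding findings on the PT binaries stay in the unexpected set because the allowlist covers only the two checks named in the comment.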