
Re: [tor-bugs] #10065 [Tor bundles/installation]: Improve Hardening for TBB3.0



#10065: Improve Hardening for TBB3.0
------------------------------------------+-----------------------------
     Reporter:  mikeperry                 |      Owner:  erinn
         Type:  defect                    |     Status:  accepted
     Priority:  major                     |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  tbb-3.0, gitian
Actual Points:                            |  Parent ID:
       Points:                            |
------------------------------------------+-----------------------------

Comment (by erinn):

 I played around with this a bit today and here is a tiny bit of progress
 and some rabid fangirling of objdump.

 I enabled ASLR and DEP for tor.exe and libevent (nothing else
 automatically picks up LDFLAGS, so I need to look into that) and so far
 nothing is crashing for me on Win7.

 Relatedly, I've been using objdump lately to look at the results of builds
 from #9444 and decided to see if it's possible to glean information about
 ASLR and DEP from the Windows binaries without having to check them in
 ProcessHacker or some other Windows app. For DLLs and EXEs (both PE),
 there is something called DllCharacteristics in the header which will tell
 you which, if any, of those are enabled. For ASLR it is 0x40 and for DEP
 it's 0x100, so all of our DLLs and EXEs should be showing something like:
 {{{DllCharacteristics   00000140}}}. The main reason this is cool is that
 you can use objdump from Linux to investigate this, you don't need to use
 some Microsoft tool, and it can be automated post-build as a QA measure to
 make sure nothing funky happens accidentally to disable these measures.

 When I talked about this on IRC, Yawning also mentioned this ruby script
 which I haven't tried yet:
 https://github.com/Myne-us/dllcharacteristics

  scan system for characteristics of PE files. This will enable you to find
 PEs with ASLR disabled, DEP disabled, and more

 There is also pefile: http://code.google.com/p/pefile/

  pefile is a multi-platform Python module to read and work with Portable
 Executable (aka PE) files. Most of the information in the PE Header is
 accessible, as well as all the sections, section's information and data.

 As for the crashing: when was it happening? Did anything trigger it? So
 far I have been unable to reproduce with my test bundle. If anyone wants
 to test it, it's here:
 https://people.torproject.org/~erinn/qa/torbrowser-install-3.0-rc-1_en-US-hardened.exe
 e5dac7a49095a1422d82df05f67476119642c7488c8c02a7c452757fcdd769ba

 I'm going to continue to tighten up the hardening options and try to
 reproduce the crashing. I'll also test further with the Microsoft tools
 mentioned above.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
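
The post-build QA check described in the comment above, as an added example (not part of the original message or of the Tor Project's build scripts): it reads DllCharacteristics straight from the PE headers using only the Python standard library and reports which of the two bits named above (0x40 for ASLR, 0x100 for DEP) is missing. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct
import sys

# Flag values as quoted in the comment above.
ASLR = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
DEP = 0x0100   # IMAGE_DLLCHARACTERISTICS_NX_COMPAT

def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field from the raw bytes of a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20  # optional header follows signature + 20-byte COFF header
    if len(data) < opt + 72:
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)  # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", data, opt)
    if opt_size < 72 or magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("no usable optional header")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    return struct.unpack_from("<H", data, opt + 70)[0]

def missing_hardening(data: bytes) -> list:
    """Names of the mitigations (ASLR, DEP) whose bit is not set."""
    flags = dll_characteristics(data)
    return [name for name, bit in (("ASLR", ASLR), ("DEP", DEP)) if not flags & bit]

def sample_pe(flags: int) -> bytes:
    """Constructed PE32 headers only (not a loadable binary), used as demo input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 70, flags)  # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Usage: pass the built .exe/.dll paths; exits non-zero if any lacks a flag.
    failed = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            missing = missing_hardening(fh.read())
        print(f"{path}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
        failed |= bool(missing)
    sys.exit(1 if failed else 0)
```

Run against the build output directory's PE files, the non-zero exit status can fail the build when a binary loses either flag.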