[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #12427 [Tor Browser]: Investigate Virtual Table Verification (VTV) hardening for Tor Browser on Linux and Windows
#12427: Investigate Virtual Table Verification (VTV) hardening for Tor Browser on
Linux and Windows
-----------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by tom):
Another feature of GCC 4.9 to investigate is the 'final' optimization, and
if this can be automatically applied to classes. 'final' is a security
feature hiding inside an optimization: By optimizing out vtable calls you
can make it harder to exploit UAFs.
More info:
* http://stackoverflow.com/questions/7538820/how-does-the-compiler-
benefit-from-cs-new-final-keyword
* http://media.blackhat.com/bh-
us-12/Briefings/M\_Miller/BH\_US\_12\_Miller\_Exploit\_Mitigation\_Slides.pdf
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12427#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs