[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #12418 [Applications/Tor Browser]: TBBs with UBSan create lots of errors when running

Subject: Re: [tor-bugs] #12418 [Applications/Tor Browser]: TBBs with UBSan create lots of errors when running
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 24 Dec 2016 14:04:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 Dec 2016 09:04:37 -0500
In-reply-to: <042.7d09d0c08ff1a6f5505146603d10c5d8@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.7d09d0c08ff1a6f5505146603d10c5d8@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#12418: TBBs with UBSan create lots of errors when running
----------------------------------------+--------------------------
 Reporter:  gk                          |          Owner:  tbb-team
     Type:  defect                      |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:7 bugzilla]:
 > Maybe, it's better to start using UBSan on FF's components step by step
 (JS, NSS, etc).
 I'd start with the image decoders. I know of at least one 0day being
 traded actively which is exploitable in Tor Browser in the highest
 security setting, and none of the people who I trade with are going to
 report it (neither can I). But UBSan is very likely to mitigate it, if
 trapped to `ud2` with `-fsanitize-undefined-trap-on-error`, as well as
 others. After that, NSS is probably the most important, because it can't
 be turned off. JS has a huge surface area, but it can be disabled by the
 slider.

 If I have free time, I'll try building FF with the image decoders using
 UBSan, but I'd really rather it if someone else who's already testing this
 stuff out do it since I've been very busy with other things (I might take
 a while).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12418#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #20967 [Applications/Tor Browser]: Show security level in Torbutton icon or make it more visible in general
Next by Author: Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.
Previous by thread: Re: [tor-bugs] #16352 [Applications/Tor Browser]: Play with Intel's MPX for hardened Tor Browser builds
Next by thread: [tor-bugs] #21076 [Applications/Tor Browser Sandbox]: failed to initialize user interface: open /home/user/.local/share/sandboxed-tor-browser/tor-browser/Browser/defaults/pref/autoconfig.js
Index(es):
- Author
- Thread