[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4152 [Core Tor/Tor]: Implement Bottom Up Randomization (Windows platform)
#4152: Implement Bottom Up Randomization (Windows platform)
-------------------------------------------------+-------------------------
Reporter: bastik | Owner: tom
Type: enhancement | Status:
| assigned
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-relay windows hardening aslr | Actual Points:
security |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:10 tom]:
> Replying to [comment:9 cypherpunks]:
> > The correct implementation has already been written in
https://blog.didierstevens.com/2012/03/29/update-se_aslr-version-0-0-0-2/
> > (Usually TBB Team makes hardening on Windows, but if you make it for
Tor and TBB, it would be great. :)
>
>
> My reading of https://blogs.technet.microsoft.com/srd/2013/12/11
/software-defense-mitigating-common-exploitation-techniques/ is that this
technique is used by default in Windows 8+ if you turn on ASLR. So adding
the code manually would improve the situation on Windows 7; but would
probably just eat memory (although this may not be a real problem) on
anything above that.
As you like this doc, please, think about Force ASLR for TBB. But your
worries about the code may be applied to old implementations only (Firefox
uses that pseudo-ASLR in its pseudo-sandbox from pseudo-google
https://dxr.mozilla.org/mozilla-
central/source/security/sandbox/chromium/sandbox/win/src/process_mitigations.cc#302).
See the researches of Didier Stevens in articles, subsequent to one in the
description. Version in comment:9 includes all his findings. EMET SHIM DLL
also uses something similar with no problems.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4152#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs