[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
From: Shawn Webb <shawn.webb@xxxxxxxxxxxxxxx>
Date: Sat, 17 Aug 2019 18:35:27 -0400
Cc: Patrick Schleizer <adrelanos@xxxxxxxxxx>, whonix-devel@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Aug 2019 18:35:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=u97A4ooReZT0Hc/GcVVOqw3gvHZG227pLgRcPyQQv+M=; b=JC3SdEQOff1BEIBJucYU10PwBtr/kMMqJkZT6BAFlBrBL6TFsqDW1Q8fddDxa3Iwui eXQnpJDKu58+F7bQ1P3zrUaLpFA0xfEfzDFDD+t0vZ2S+7WwlPZukz8D8lVOKvhI2xZ8 MNMiCZSTL5Fo5UzYE1JuIKjYfdk9fjF36B+go60bj+Zdn3MNzOZu1645HshF6QGpKkvo qF0BSP5lF26ne1G2C9LmJx6wmHla2dTJJi8jdOTXWgGQ8mevunWEtWtB/z6bpADqfszH gRy5eYra8hB+3ZNEiIagpudQIWfK6lgxRvCKuZ1XNUoGMRc4SZVy3WIlfQWrENPfAX9/ gOew==
In-reply-to: <4a9a77d1-795a-2733-bafb-609aec3f5dfb@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4a9a77d1-795a-2733-bafb-609aec3f5dfb@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20180716

On Sat, Aug 17, 2019 at 03:06:04PM +0000, procmem@xxxxxxxxxx wrote:
> Question for the Tor Browser experts. Do you know if it is possible to
> remotely fingerprint the browser based on the memory allocator it is
> using? (via JS or content rendering)
> 
> We are thinking of switching Tor Browser to use the minimalist and
> security oriented hardened_malloc written by Daniel Micay. Thanks.

Full disclosure: I'm not well versed in TBB's features, and especially
these kinds of low-level details. I'm a newb who loves to learn. :)

Does Firefox (and/or TBB) have a method for selecting alternate memory
allocators? If so, is the method compile-time or run-time?

Thinking out loud. My newbishness is gonna show:

It would be very interesting to see support for selecting the
allocator at runtime (perhaps requiring a restart of firefox to
activate switching.) Each allocator will perform differently on each
OS, especially with regards to memory safety (ASR versus ASLR,
per-boot randomization versus per-execve, different implementations of
memory guards, etc.)

Having the heap implementation selectable at runtime would enable
users to make the determination for themselves, while also making
future integration efforts easier through modularization/abstraction
APIs (I'm making a silly, naive, and likely wrong, assumption that such
APIs don't already exist.)

I hope I'm not coming off as "hey, do this." I'm just thinking out
loud in an admittedly naive fashion.

Anyone have any thoughts?

PS: I find Daniel's hardened_malloc project very interesting. I hope
to someday provide integration with it directly in HardenedBSD. In
similar vein as what you're thinking, even.

It would be interesting to see how OS fingerprinting changes as
different alternate implementations of various OS components (heap
implementations, LibreSSL versus OpenSSL, etc.) affect OS
fingerprinting at an application level (via JS, content rendering, or
otherwise.)

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@xxxxxxxxxxxxxx
GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
  - From: teor

References:
- [tor-dev] TBB Memory Allocator choice fingerprint implications
  - From: procmem@xxxxxxxxxx

Prev by Author: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Next by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Previous by thread: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Next by thread: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Index(es):
- Author
- Thread