Hi all,
I _think_ I've managed to build a 64-bit version of Tor Browser for Mac OS. Specifically, I built the entire bundle, but only TorBrowser was modified to be 64bit. The changes I made are here: https://github.com/tomrittervg/tor-browser/commit/79fbe1e3ffde1ac3577a9937aa... (ignore the last couple lines commenting out some options I had added, then removed).
The bundles are here: https://ritter.vg/misc/transient/2014-09-02-4.x-1-build1-tjr5/
It would be fantastic if anyone could test the bundles and/or the patch and determine if
a) you agree it's 64 bit
b) it works
c) anyone else can reproduce a 64 bit build (I'm not going for full reproducibility right now, just a successful build that is 64 bit)
-tom
On 9/2/14, 11:25 PM, Tom Ritter wrote:
> Hi all,
> I _think_ I've managed to build a 64-bit version of Tor Browser for Mac OS. Specifically, I built the entire bundle, but only TorBrowser was modified to be 64bit. The changes I made are here: https://github.com/tomrittervg/tor-browser/commit/79fbe1e3ffde1ac3577a9937aa... (ignore the last couple lines commenting out some options I had added, then removed).
> The bundles are here: https://ritter.vg/misc/transient/2014-09-02-4.x-1-build1-tjr5/
> It would be fantastic if anyone could test the bundles and/or the patch and determine if
> a) you agree it's 64 bit
> b) it works
I did a quick test on a Mac OS 10.9.4 system and I also confirmed that all of the Firefox binaries are 64-bit. The tor and pluggable transport pieces are still 32-bit (but you already knew that). Would there be any advantage from a security perspective if we also deliver 64-bit binaries for tor and related components?
> c) anyone else can reproduce a 64 bit build (I'm not going for full reproducibility right now, just a successful build that is 64 bit)
I need to do some ESR31 patch work first....
On 3 September 2014 08:13, Mark Smith mcs@pearlcrescent.com wrote:
> I did a quick test on a Mac OS 10.9.4 system and I also confirmed that all of the Firefox binaries are 64-bit. The tor and pluggable transport pieces are still 32-bit (but you already knew that). Would there be any advantage from a security perspective if we also deliver 64-bit binaries for tor and related components?
Speaking generally, not knowing about all the components or specifics - you get some small wins moving to 64 bit - mainly the increased address space for ASLR and defense against practical integer overflow. But it can be dangerous too - Nick's a wonderful programmer but there are classes of bugs that result from 32-64 bit conversions. http://www.viva64.com/en/a/0065/ I would not be surprised if there was _some_ bug somewhere because of it.
I'm not sure if there are other components in the bundle, related to firefox.exe but not part of its build process, that should be 64bit though.... But I guess if TBB works, it's obviously not _necessary_.
> > c) anyone else can reproduce a 64 bit build (I'm not going for full reproducibility right now, just a successful build that is 64 bit)
> I need to do some ESR31 patch work first....
Oh, no sweat - this is obviously on-the-side from deliverables =)
-tom
Tom Ritter:
> Hi all,
> I _think_ I've managed to build a 64-bit version of Tor Browser for Mac OS. Specifically, I built the entire bundle, but only TorBrowser was modified to be 64bit. The changes I made are here: https://github.com/tomrittervg/tor-browser/commit/79fbe1e3ffde1ac3577a9937aa... (ignore the last couple lines commenting out some options I had added, then removed).
> The bundles are here: https://ritter.vg/misc/transient/2014-09-02-4.x-1-build1-tjr5/
> It would be fantastic if anyone could test the bundles and/or the patch and determine if
> a) you agree it's 64 bit
> b) it works
> c) anyone else can reproduce a 64 bit build (I'm not going for full reproducibility right now, just a successful build that is 64 bit)
Does this enable full ASLR, along with any other OSX hardening options that you saw in Firefox that we were lacking, or do we still need the 10.7 SDK for those?
Mike Perry:
> Tom Ritter:
> > Hi all,
> > I _think_ I've managed to build a 64-bit version of Tor Browser for Mac OS. Specifically, I built the entire bundle, but only TorBrowser was modified to be 64bit. The changes I made are here: https://github.com/tomrittervg/tor-browser/commit/79fbe1e3ffde1ac3577a9937aa... (ignore the last couple lines commenting out some options I had added, then removed).
> > The bundles are here: https://ritter.vg/misc/transient/2014-09-02-4.x-1-build1-tjr5/
> > It would be fantastic if anyone could test the bundles and/or the patch and determine if
> > a) you agree it's 64 bit
> > b) it works
> > c) anyone else can reproduce a 64 bit build (I'm not going for full reproducibility right now, just a successful build that is 64 bit)
> Does this enable full ASLR, along with any other OSX hardening options that you saw in Firefox that we were lacking, or do we still need the 10.7 SDK for those?
For what it is worth we need to switch to the 10.7 SDK for ESR 38 anyway. See: https://bugs.torproject.org/12761. Thus, we might want to start early (i.e. after ESR 31 based bundles got out) which would allow us to solve one blocker for the ESR 38 based release beforehand. Note, though, that switching to the 10.7 SDK is perfectly possible with supporting 10.6.
Georg
On 5 September 2014 02:58, Georg Koppen gk@torproject.org wrote:
> Mike Perry:
> > Does this enable full ASLR, along with any other OSX hardening options that you saw in Firefox that we were lacking, or do we still need the 10.7 SDK for those?
> For what it is worth we need to switch to the 10.7 SDK for ESR 38 anyway. See: https://bugs.torproject.org/12761. Thus, we might want to start early (i.e. after ESR 31 based bundles got out) which would allow us to solve one blocker for the ESR 38 based release beforehand. Note, though, that switching to the 10.7 SDK is perfectly possible with supporting 10.6.
You will not need the 10.6 SDK to enable full ASLR, since Mozilla was doing it with 10.6.
I think the judicious inclusion of -fPIE in CFLAGS[0] gives me very good confidence that ASLR is enabled, even though the flag may not actually be necessary. But there is a different problem. tor.exe (tor.real on mac) is mapped into memory, and it does _not_ have ASLR, and thus its libraries are loaded predictably. That's next on the docket to figure out...
If you can find a 10.7 SDK for Unix (the repo you got the 10.6 SDK from doesn't have a 10.7) I can give it a shot, independent of my other efforts. Looking at backscroll, it seems like you might have started that process?
-tom
[0] https://github.com/tomrittervg/tor-browser/commit/6971bbb73a7e5bbbca96da8e24...
Okay, I think it's all good - 64bit everything: utils, tor, Firefox, Pluggable Transports, full ASLR. I tested all the PTs and.... I think they work. flashproxy wasn't getting past 10%, I attributed that to there not being flashproxy users... In general, doing solid checks of PTs and making sure we're confident they're working is important.
Binaries are here: https://ritter.vg/misc/transient/2014-09-16-tjr-64bit/ Note that I'm doing some testing on my server, so I have a self-signed cert on it. The fingerprint is: SHA1 Fingerprint=07:B5:CA:28:23:8F:4B:7C:8C:E3:8F:8C:FE:D9:41:5E:28:47:25:5B
And clean commits (one in each repo) are here: https://github.com/tomrittervg/tor-browser/commit/943e21166dc840547dfd96810a... https://github.com/tomrittervg/tor-browser-builder/commits/tjr-64bit
-tom
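A check for the two properties this thread asks testers to confirm (64-bit binaries and position-independent executables), as an added example that is not part of the original messages or the Tor Browser build scripts: it reads the Mach-O header of each architecture slice and reports the word size and the MH_PIE flag. The constants come from Apple's mach-o/loader.h and mach-o/fat.h; the function names and the sample headers are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
MH_EXECUTE = 0x2      # filetype: main executable
MH_PIE = 0x200000     # flag: main executable may be loaded at a random address

def inspect_macho(data, offset=0):
    """Return one dict per architecture slice: word size, filetype, PIE flag."""
    if len(data) < offset + 28:
        raise ValueError("truncated Mach-O header")
    magic_be, nfat = struct.unpack_from(">2I", data, offset)
    if magic_be == FAT_MAGIC and offset == 0:  # universal binary, big-endian header
        if len(data) < 8 + 20 * nfat:
            raise ValueError("truncated fat header")
        slices = []
        for i in range(nfat):
            _cpu, _sub, off, _size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            slices.extend(inspect_macho(data, off))
        return slices
    for endian in ("<", ">"):
        magic, _cpu, _sub, filetype, _n, _sz, flags = struct.unpack_from(
            endian + "7I", data, offset)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [{"bits": 64 if magic == MH_MAGIC_64 else 32,
                     "executable": filetype == MH_EXECUTE,
                     "pie": bool(flags & MH_PIE)}]
    raise ValueError("not a Mach-O image")

def audit(data):
    """List findings: slices that are not 64-bit, executables without MH_PIE."""
    findings = []
    for i, s in enumerate(inspect_macho(data)):
        if s["bits"] != 64:
            findings.append(f"slice {i}: 32-bit")
        if s["executable"] and not s["pie"]:
            findings.append(f"slice {i}: executable lacks MH_PIE")
    return findings

def sample_header(magic, cputype, flags):
    # Constructed sample: a bare little-endian mach_header with no load commands
    hdr = struct.pack("<7I", magic, cputype, 3, MH_EXECUTE, 0, 0, flags)
    return hdr + (b"\0" * 4 if magic == MH_MAGIC_64 else b"")

SAMPLE_64_PIE = sample_header(MH_MAGIC_64, 0x01000007, MH_PIE | 0x85)
SAMPLE_32_NOPIE = sample_header(MH_MAGIC, 7, 0x85)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, audit(fh.read()) or "64-bit, PIE")
```

Run against each binary in an unpacked bundle, an empty finding list means every slice is 64-bit and every main executable carries MH_PIE; shared libraries are reported for word size only, since MH_PIE applies to main executables.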