[tbb-bugs] #13873 [Tor Browser]: hard lock tails/torbrowser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 1 16:32:25 UTC 2014
#13873: hard lock tails/torbrowser
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Keywords: security, usability, fuzzing | Actual Points:
Parent ID: | Points:
------------------------------------------+--------------------------
I was looking at some of the fantastic fuzzing research from lcamtuf and I
made the mistake of looking at the autogenerated test cases:
http://lcamtuf.coredump.cx/afl/demo/gif_im/full/
It locked my machine (on Tails) because the browser began to consume every
possible resource. I would consider this a Tails issue as the load was
around ~20 after a minute or three but not Tails alone. On the one hand, I
think Tails should probably compartmentalize the browser and set
reasonable rlimits. On the other hand, why doesn't Tor Browser do that?
The fact that the entire machine locked up is clearly a Tails-doesn't
-confine-the-browser very-well. The fact that Tor Browser can do that is
clearly a Tor Browser doesn't set limits issue. I don't think this is just
a matter of "not sandboxing" but rather this is a matter of trying to use
every bit of juice a machine has available.
How could we do this on a sane platform? In an ideal world, we can load
any page and it should not lock the machine. In an ideal world, we could
load any page and it shouldn't even lock the browser for other tabs. The
latter is obviously something that comes with sandboxing but only if the
whole machine isn't thrashing, right?
Anyway, we may also want to use lcamtuf's awesome fuzzing work to crash
Tor Browser in interesting ways.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13873>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list