[tbb-bugs] #22315 [Applications/Tor Browser]: Make use of interceptor to protect memory on Windows (spin-off from #12426)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat May 20 18:50:12 UTC 2017


#22315: Make use of interceptor to protect memory on Windows (spin-off from #12426)
------------------------------------------+--------------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-security
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------
 > add EnableLowFragmentationHeap() modified from ​https://dxr.mozilla.org
 /mozilla-esr24/source/ipc/chromium/src/base/process_util_win.cc#867
 It was an old approach from Google that couldn't be applied, because it
 was single-threaded and led to:
 https://blogs.msdn.microsoft.com/oldnewthing/20110701-00/?p=10273/
 So that they added just
 https://chromium.googlesource.com/chromium/src/+/e4adea20236d1cee76f0c61798b1613e07a7f4c1/chrome/app/chrome_exe_main_win.cc#113
 from a well-known approach
 http://microsoft.public.vsnet.general.narkive.com/vkWRTQaL/low-
 fragmentation-heap, but with that test
 https://chromium.googlesource.com/chromium/src/+/95b42e2745a2380a16112a059bd0e842d81f0c0a/base/process_util_unittest.cc#377
 So you can add Chromium's solution as fast and easy fix (as in #12426),
 but for the default heap only.

 A more general approach is to use an interceptor for LFH, bottom-up ASLR
 and other mitigations on every relevant memory allocation:
 https://github.com/promised-
 lu/MemoryProtection/blob/master/MemoryProtection/MemoryProtection.cxx

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22315>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list