[tbb-dev] SELFRANDO_write_layout_file enabled intentionally?

Yawning Angel yawning at schwanenlied.me
Wed May 17 10:52:01 UTC 2017


On Tue, 16 May 2017 19:45:40 -0500
Tom Ritter <tom at ritter.vg> wrote:
> On 16 May 2017 at 19:21, teor <teor2345 at gmail.com> wrote:
> > Even worse: can an exploit read this file to find out the memory
> > layout?
> >
> > (I think the answer is: yes, but it doesn't matter, because it would
> > have to run arbitrary code to read the file. Maybe.)  
> 
> My attitude towards this, and what I requested of the selfrando team
> for Mozilla's investigation, is that the seed/layout be written to
> disk and erased from memory. An attacker who gets an information
> disclosure could steal the seed from memory otherwise and undo the
> protection. Arbitrary file reads are less common than infoleaks. (And
> we want to keep the mapping around for debugging crashes.)

`sandboxed-tor-browser` doesn't set the env var, and I don't see myself
ever setting it, because `/tmp` will get obliterated when firefox exits
anyway.

Is it safe to assume that the current behavior of "not setting anything
here will result in no files getting created" will remain consistent?

Regards,

-- 
Yawning Angel