[tor-bugs] #10065 [Tor Browser]: Improve Hardening for TBB3.0

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 21 23:38:15 UTC 2014


#10065: Improve Hardening for TBB3.0
-------------------------+-------------------------------------------------
     Reporter:  mikeperry    |      Owner:  erinn
         Type:  defect       |     Status:  needs_review
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-3.0, gitian, tbb-security, tbb-gitian, tbb-isec-report
Actual Points:               |  Parent ID:
       Points:               |
-------------------------+-------------------------------------------------
Changes (by erinn):

 * status:  accepted => needs_review


Comment:

 I've updated all of my patches for the 4.x series and the branch is here:

 https://gitweb.torproject.org/user/erinn/tor-browser-bundle.git/shortlog/refs/heads/tbb-4.x-hardening

 I have a test bundle here as well, if anyone would like to build & check
 for reproducibility:
 http://paganini.erinn.org/~erinn/torbrowser-install-4.0-alpha-1_en-US.exe
 9328f4887406667d5d578d256fe9650e7b685f02e8f9a9248b1b1c7ef81987a1

 Some issues remain, namely that none of the pluggable transports are
 hardened. The Python DLL we're distributing only has DEP and not ASLR. As
 I understand it, the default options have changed in the distributions of
 Python 3.x, but it seems like no small task to switch from one to the
 other. I looked into cross-compiling Python and while it seems possible (in
 the sense that there is some python-mingw port by some random person on
 the internet), it also might be quite a time-consuming project.

 As for the PTs written in Go, I refer to
 [https://groups.google.com/forum/#!topic/golang-nuts/Jd9tlNc6jUE this
 thread] where Russ Cox says:

 {{{
 Address space randomization is an OS-level workaround for a
 language-level problem, namely that simple C programs tend to be full
 of exploitable buffer overflows.  Go fixes this at the language level,
 with bounds-checked arrays and slices and no dangling pointers, which
 makes the OS-level workaround much less important.  In return, we
 receive the incredible debuggability of deterministic address space
 layout.  I would not give that up lightly.
 }}}

 Anyway, feedback welcome. Putting this into needs_review. I should note
 that skruffy's binutils patch remains mostly unreviewed, and I still need
 to send it upstream, but if anyone feels like digging into it before I do,
 I would appreciate it (and so would he).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
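
The DEP and ASLR status the comment above reports for the bundled Python DLL can be read straight from a binary's PE header. The following is an added example, not part of the original message or of the Tor Project's build tooling; the function names and the constructed header bytes are assumptions made for illustration.

```python
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics
HIGH_ENTROPY_VA = 0x0020             # DllCharacteristics: 64-bit ASLR
DYNAMIC_BASE = 0x0040                # DllCharacteristics: ASLR opt-in
NX_COMPAT = 0x0100                   # DllCharacteristics: DEP opt-in

def pe_hardening(data):
    """Return the hardening flags of a PE image given its raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("not a PE file: missing PE signature or COFF header")
    coff = pe_off + 4
    opt_size, file_chars = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == 0x20B,
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        # An image without relocations cannot be moved even if it opts in.
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }

def constructed_pe(dll_chars, file_chars=0x2102, magic=0x10B):
    """Build a minimal, constructed PE header (sample input, not loadable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, pe_hardening(f.read()))
```

Run against the files of an unpacked bundle, it lists which binaries still lack either flag.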

