[tor-bugs] #13893 [Tor Browser]: Torbrowser crashes on start when using MS EMET 5.x
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 18 17:11:05 UTC 2016
#13893: Torbrowser crashes on start when using MS EMET 5.x
-------------------------------------------------+-------------------------
Reporter: Diapolo | Owner: gk
Type: defect | Status:
Priority: High | needs_revision
Component: Tor Browser | Milestone:
Severity: Major | Version:
Keywords: tbb-security, tbb-crash, tbb- | Resolution:
usability-stoppoint-app, | Actual Points:
TorBrowserTeam201602, GeorgKoppen201602, | Points:
fuck-mingw-gcc |
Parent ID: #12820 |
Sponsor: SponsorU |
-------------------------------------------------+-------------------------
Comment (by bugzilla):
Oh, it seems somebody in comment:19 was wrong :( And, in general, we
should ask GCC team to stop generating overoptimized code that makes
addresses predictable and thus vulnerable to SimExecFlow.
There were a lot of implications after Deep Hooks had been enabled by
default in EMET. And cypherpunks suspected hooks as the reason of crashes.
But now EMET is constantly auditing TBB with all Global Mitigation
Settings disabled (incl. Deep Hooks) and the situation hasn't changed.
(Seems to be a real vulnerability)
Somebody proposed to do something with too aggressive inlining. So, it can
be checked with {{{-Ob0}}} whether it's the reason of the issues.
Also, there are a lot of posts about surprises with {{{-O3}}}, so, maybe,
{{{-O2}}} will help.
(EMET version 5.5.5871.31892)
+ a lot of calls to:
CodeAddress : 0x61462446
CodeStackPtr : 0x36E830
CalledAddress : 0x770FF0F2
API name : kernel32.LoadLibraryW
StackPtr : 0x0036E5F0
FramePtr : 0x0
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13893#comment:48>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list