[tor-bugs] #20955 [Applications/Tor Browser]: Tor Browser memory hardening

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 20 04:09:33 UTC 2017

#20955: Tor Browser memory hardening
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by cypherpunks):

 I'm a bit weary about using a memory allocator from a research paper.
 There are alternatives that are actively developed and regularly used in
 production systems, like OpenBSD malloc and Copperhead malloc. They also
 do not come with the risk of the authors not maintaining the source as
 they move on to another research project. Personally, I would very
 strongly recommend the Copperhead malloc, as it's an improvement over even
 the OpenBSD malloc in quite a few ways, and has some very interesting
 hardening techniques planned for the future.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20955#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list