[tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-14 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 While gk is waiting (for something?) in #12426, Tor needs its security
 mitigations to be corrected according to
 https://blogs.microsoft.com/microsoftsecure/2009/08/06/setting-sdl-memory-related-requirements-before-your-application-starts/
 before the release.
 So, adding
 {{{
   HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
 }}}
 after
 https://gitweb.torproject.org/tor.git/tree/src/or/main.c?h=release-0.3.0#n3570
 and changing
 {{{
 if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
 }}}
 with
 {{{
 if (setdeppolicy) setdeppolicy(3); /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
 }}}
 will do the trick.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-17 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-needs |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by cypherpunks):

 * status:  new => assigned
 * owner:   => nickm
 * points:   => 0.1
 * keywords:   => tbb-needs


Comment:

 Is there anybody here to apply this small fix to rc?


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-17 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
+
 Reporter:  cypherpunks |  Owner:
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-needs 030-backport  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:
+
Changes (by nickm):

 * cc: gk (added)
 * keywords:  tbb-needs => tbb-needs 030-backport
 * owner:  nickm =>
 * milestone:  Tor: 0.3.0.x-final => Tor: 0.3.1.x-final


Comment:

 It needs a reviewer who knows Windows well. Having a patch would also be
 nice.

 Gk, do you agree this is tbb-needs?


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-18 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by gk):

 * keywords:  tbb-needs 030-backport => 030-backport


Comment:

 Replying to [comment:2 nickm]:
 > It needs a reviewer who knows Windows well. Having a patch would also be
 > nice.
 >
 > Gk, do you agree this is tbb-needs?

 I don't think so. It would surely be a good thing to have but it is not
 even Tor Browser specific. Thus, removing the keyword. cypherpunks:
 Please, do not set random keywords we need to keep track of our workflow.
 Thanks.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-18 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 Thanks, Nick. Let's see how long the formal process takes.

 @gk: It is tbb-wants since 2009 at least, so it could be tbb-needs in
 2017. Official Tor builds for Windows are used (and produced) primarily by
 Tor Browser, so it is affected.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-11 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+

Comment (by tom):

 I can review for Windows.

 Patch is good hygiene and worth taking, but it's not going to radically
 improve tor's security.

 As noted, HeapEnableTerminationOnCorruption is enabled by default in
 Win8+.

 PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION I do not believe is needed because
 we're not using ATL library/framework stuff. But it's fine to have, and
 like I said, good hygiene.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-11 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * keywords:  030-backport => 030-backport 029-backport
 * status:  assigned => merge_ready


Comment:

 Okay; I've written a branch here as branch `ticket21953_029` in my public
 git repository. Is it what people had in mind?  Please confirm if so, and
 correct if I've got it wrong.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-11 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---

Comment (by tom):

 Replying to [comment:6 nickm]:
 > Okay; I've written a branch here as branch `ticket21953_029` in my
 > public git repository. Is it what people had in mind?  Please confirm if
 > so, and correct if I've got it wrong.

 LGTM


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-12 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * milestone:  Tor: 0.3.1.x-final => Tor: 0.3.0.x-final


Comment:

 Merging to 0.3.1; if it works out we can backport.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-18 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by teor):

 * status:  merge_ready => needs_revision
 * milestone:  Tor: 0.3.0.x-final => Tor: 0.3.1.x-final


Comment:

 This breaks our jenkins Windows builder with:
 {{{
 gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../tor  -I../tor/src/ext -Isrc/ext
 -I../tor/src/ext/trunnel -I../tor/src/trunnel -I../tor/src/common
 -Isrc/common -I../tor/src/ext/trunnel -I../tor/src/trunnel -I../tor/src/or
 -Isrc/or -DSHARE_DATADIR="\"/usr/share\"" -DLOCALSTATEDIR="\"/usr/var\""
 -DBINDIR="\"/usr/bin\"" -I../tor/src -DTOR_UNIT_TESTS -I../tor/src/common
 -I../UPSTREAM/usr/include -I../UPSTREAM/usr/include
 -I../UPSTREAM/usr/include   -g -O2 -Wno-error=redundant-decls
 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all
 -Wstack-protector -fasynchronous-unwind-tables -Wall -fno-strict-aliasing
 -Waddress -Warray-bounds -Wdouble-promotion -Wextra -Winit-self
 -Wlogical-op -Wmissing-field-initializers -Wmissing-format-attribute
 -Wmissing-noreturn -Woverlength-strings -Woverride-init -Wshadow -Wsync-nand
 -Wtrampolines -Wunused-but-set-parameter -Wunused-but-set-variable
 -Wunused-local-typedefs -Wvariadic-macros -W -Wfloat-equal -Wundef
 -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings
 -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2 -Wwrite-strings
 -Wnested-externs -Wbad-function-cast -Wswitch-enum -Waggregate-return
 -Wpacked -Wunused -Wunused-parameter  -Wold-style-definition
 -Wmissing-declarations -Werror -MT src/or/src_or_libtor_testing_a-main.o
 -MD -MP -MF src/or/.deps/src_or_libtor_testing_a-main.Tpo -c
 -o src/or/src_or_libtor_testing_a-main.o
 `test -f 'src/or/main.c' || echo '../tor/'`src/or/main.c
 ../tor/src/or/main.c: In function 'tor_main':
 ../tor/src/or/main.c:3671:28: error: 'HeapEnableTerminationOnCorruption' undeclared (first use in this function)
 ../tor/src/or/main.c:3671:28: note: each undeclared identifier is reported only once for each function it appears in
 make[1]: *** [src/or/src_or_libtor_testing_a-main.o] Error 1
 }}}
 https://jenkins.torproject.org/job/tor-ci-windows-commit/1293/

 This part of the patch needs to be made conditional on the existence of
 the function.
 We must fix this or back out the change before the 0.3.1 release.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-18 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---

Comment (by nickm):

 https://msdn.microsoft.com/en-us/library/windows/desktop/aa366705(v=vs.85).aspx
 says that HeapEnableTerminationOnCorruption is always `1`.  So there's that
 option...


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-19 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---

Comment (by gk):

 I wonder why this does not break our Tor Browser nightly builds, though.
 The latest one has tor based on bbeba2412e58501d and got properly cross-
 compiled, it seems.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-19 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * status:  needs_revision => needs_review
 * milestone:  Tor: 0.3.1.x-final => Tor: 0.3.0.x-final


Comment:

 Added a new commit to bug21953_029 and merged it to master.

 gk: my theory would be that some mingw versions have newer headers than
 others. In the past, the mingw headers have tended to lag the MSVC headers
 a bit.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-19 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 If you don't like Windows headers so much (especially, windows.h), then,
 of course, `1` instead of `HeapEnableTerminationOnCorruption` is your
 option (like in setdeppolicy), but not redefinition of Windows constants.
 {{{
 HeapSetInformation(NULL, 1 /* HeapEnableTerminationOnCorruption */, NULL,
 0);
 }}}

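Added example, not part of the ticket thread and not Tor's code: one way to apply the two mitigations discussed above at process start so that it still builds where the toolchain headers lack `HeapEnableTerminationOnCorruption`. The `EX_`-prefixed names, `ex_dep_flags` and `ex_harden_process` are hypothetical; the numeric values are the ones quoted in the thread, and on non-Windows builds the function applies nothing.

```c
/* Added example: Windows process-start hardening from ticket #21953. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Documented numeric values under private (hypothetical) names, so nothing
 * from the Windows headers is redefined and older mingw headers still build. */
#define EX_HEAP_TERMINATE_ON_CORRUPTION 1 /* HeapEnableTerminationOnCorruption */
#define EX_DEP_ENABLE 0x1u                /* PROCESS_DEP_ENABLE */
#define EX_DEP_NO_ATL_THUNK 0x2u          /* PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */

/* Bits of the result returned by ex_harden_process(). */
#define EX_APPLIED_HEAP 0x1u
#define EX_APPLIED_DEP 0x2u

/* DEP policy requested in the ticket: 1 | 2 == 3. */
unsigned long ex_dep_flags(void)
{
  return EX_DEP_ENABLE | EX_DEP_NO_ATL_THUNK;
}

/* Apply both mitigations; return a bitmask of the ones that took effect.
 * A failure is reported to the caller rather than treated as fatal. */
unsigned ex_harden_process(void)
{
  unsigned applied = 0;
#ifdef _WIN32
  typedef BOOL (WINAPI *set_dep_fn)(DWORD);
  HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
  set_dep_fn set_dep = NULL;

  /* NULL heap handle + this class: terminate on heap corruption, process-wide. */
  if (HeapSetInformation(NULL,
        (HEAP_INFORMATION_CLASS)EX_HEAP_TERMINATE_ON_CORRUPTION, NULL, 0))
    applied |= EX_APPLIED_HEAP;

  /* Resolve SetProcessDEPPolicy at run time: not every Windows version or
   * header set provides it, and it is documented for 32-bit processes. */
  if (kernel32)
    set_dep = (set_dep_fn)GetProcAddress(kernel32, "SetProcessDEPPolicy");
  if (set_dep && set_dep((DWORD)ex_dep_flags()))
    applied |= EX_APPLIED_DEP;
#endif
  return applied;
}

int main(void)
{
  unsigned applied = ex_harden_process();
  printf("heap termination on corruption: %s\n",
         (applied & EX_APPLIED_HEAP) ? "enabled" : "not applied");
  printf("DEP policy %lu: %s\n", ex_dep_flags(),
         (applied & EX_APPLIED_DEP) ? "enabled" : "not applied");
  return 0;
}
```

Call `ex_harden_process()` as the first statement of `main`, before other startup code runs, and log the returned mask so a build that silently skipped a mitigation is visible.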

Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-21 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---

Comment (by gk):

 Replying to [comment:12 nickm]:
 > Added a new commit to bug21953_029 and merged it to master.
 >
 > gk: my theory would be that some mingw versions have newer headers than
 > others. In the past, the mingw headers have tended to lag the MSVC headers
 > a bit.

 Yes, I had the same theory but was a bit unsure as the respective change
 is available since 2013 in mingw-w64's headers. But maybe the version used
 in our jenkins build is indeed older than that.


Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-05-22 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * status:  needs_review => merge_ready



Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-07-11 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
+--
 Reporter:  cypherpunks |  Owner:
 Type:  defect  | Status:  merge_ready
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.0.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  030-backport, 029-backport  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:
+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)



Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-11-13 Thread Tor Bug Tracker & Wiki
#21953: Dealing with Tor hardening on Windows properly
+--
 Reporter:  cypherpunks |  Owner:  (none)
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.0.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:  implemented
 Keywords:  030-backport, 029-backport  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:
+--
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 It's been testing in 0.3.1 for ages, and might help security for a couple
 of windows versions.  Backported to 0.2.9 and forward.
