#22315: Make use of interceptor to protect memory on Windows (spin-off from #12426)
------------------------------------------+--------------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-security
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------
> add EnableLowFragmentationHeap() modified from
> https://dxr.mozilla.org/mozilla-esr24/source/ipc/chromium/src/base/process_util_win.cc#867

It was an old approach from Google that couldn't be applied, because it was single-threaded and led to:
https://blogs.msdn.microsoft.com/oldnewthing/20110701-00/?p=10273/

So they added just
https://chromium.googlesource.com/chromium/src/+/e4adea20236d1cee76f0c61798b1613e07a7f4c1/chrome/app/chrome_exe_main_win.cc#113
from a well-known approach
http://microsoft.public.vsnet.general.narkive.com/vkWRTQaL/low-fragmentation-heap,
but with that test
https://chromium.googlesource.com/chromium/src/+/95b42e2745a2380a16112a059bd0e842d81f0c0a/base/process_util_unittest.cc#377

So you can add Chromium's solution as a fast and easy fix (as in #12426), but for the default heap only.

A more general approach is to use an interceptor for LFH, bottom-up ASLR and other mitigations on every relevant memory allocation:
https://github.com/promised-lu/MemoryProtection/blob/master/MemoryProtection/MemoryProtection.cxx

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22315>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
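The "default heap only" variant the ticket points to, as an added illustration that is not code from the ticket, from Chromium or from Tor Browser: it asks the Windows heap manager to switch the process default heap to the low-fragmentation heap through `HeapSetInformation` with the `HeapCompatibilityInformation` class, and deliberately touches only `GetProcessHeap()` rather than enumerating every heap in the process, which is the part of the older approach the ticket says could not be kept. The status codes, their names and the query-before-set pattern are this example's own choices; the compatibility values (0 standard, 1 look-aside, 2 LFH) are the documented Win32 ones. The non-Windows branch exists only so the file compiles elsewhere and reports that there is nothing to configure.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Result codes for enable_lfh_on_default_heap() (constructed for this example). */
enum lfh_status {
    LFH_ENABLED = 0,      /* LFH was off and has now been switched on          */
    LFH_ALREADY_ON = 1,   /* heap already reported LFH compatibility           */
    LFH_FAILED = 2,       /* HeapSetInformation refused the request (see notes) */
    LFH_UNSUPPORTED = 3   /* not a Windows build: nothing to configure         */
};

/* HeapCompatibilityInformation value selecting the low-fragmentation heap:
   0 = standard heap, 1 = look-aside lists, 2 = LFH. */
#define LFH_COMPAT_VALUE 2UL

/* Human-readable name for a status code, for logging. */
const char *lfh_status_name(int status)
{
    switch (status) {
    case LFH_ENABLED:     return "enabled";
    case LFH_ALREADY_ON:  return "already-on";
    case LFH_FAILED:      return "failed";
    case LFH_UNSUPPORTED: return "unsupported";
    default:              return "unknown";
    }
}

/* Enable LFH on the process default heap only. Other heaps (CRT, per-module,
   private heaps) are intentionally left alone: no GetProcessHeaps() walk. */
int enable_lfh_on_default_heap(void)
{
#ifdef _WIN32
    HANDLE heap = GetProcessHeap();
    ULONG current = 0;
    SIZE_T returned = 0;
    ULONG want = LFH_COMPAT_VALUE;

    if (heap == NULL)
        return LFH_FAILED;

    /* Query first: on systems that already default to LFH this is a no-op
       and we avoid a redundant, failing set call under a debugger. */
    if (HeapQueryInformation(heap, HeapCompatibilityInformation,
                             &current, sizeof current, &returned)
        && current == LFH_COMPAT_VALUE)
        return LFH_ALREADY_ON;

    /* The heap manager rejects LFH for heaps created with HEAP_NO_SERIALIZE
       and, unless _NO_DEBUG_HEAP=1 is set, for a process under a debugger. */
    if (!HeapSetInformation(heap, HeapCompatibilityInformation,
                            &want, sizeof want))
        return LFH_FAILED;
    return LFH_ENABLED;
#else
    return LFH_UNSUPPORTED;
#endif
}

int main(void)
{
    int status = enable_lfh_on_default_heap();
    printf("default heap LFH: %s\n", lfh_status_name(status));
    return status == LFH_FAILED ? 1 : 0;
}
```

Call this as early as possible in process start-up, before the allocator has handed out many blocks, since LFH only affects allocations made after it is enabled; a `failed` result on a developer machine usually just means the process was launched under a debugger.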