[tbb-bugs] #16010 [Applications/Tor Browser]: Get a working content process sandbox for Tor Browser on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 3 21:19:27 UTC 2017
#16010: Get a working content process sandbox for Tor Browser on Windows
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: task | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-gitian, tbb-security, | Actual Points:
tbb-7.0-must, TorBrowserTeam201703, |
GeorgKoppen201703 |
Parent ID: #21147 | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by tom):
Replying to [comment:17 cypherpunks]:
> According to https://dxr.mozilla.org/mozilla-
esr52/search?limit=100&redirect=false&q=__except%20path%3Asecurity/sandbox%2F
you can use #12425 as an easy-fix/dirty-haxx just to get it working like
#12113, but it's not safe, however.
I'm pretty sure we cannot. try {} except {} can be replaced with
setjmp/longjmp but __try / __except are a special MSVC extension that
catches what would otherwise be a segfault.
Right now we're looking at a few options:
1) Rip out all __try / __except and just hope we don't hit an access
violation in normal usage
2) MinGW's __try1 / __except1 construct
3) libseh from here:
http://www.programmingunlimited.net/siteexec/content.cgi?page=mingw-seh
Preliminary testing of both 1 and 2 indicate these probably don't work.
But we don't know exactly why yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16010#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list