[tbb-bugs] #13018 [Applications/Tor Browser]: Math routines are OS fingerprintable
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 14 03:58:03 UTC 2017
#13018: Math routines are OS fingerprintable
-------------------------------------------------+-------------------------
Reporter: mikeperry                              | Owner: tbb-team
Type: defect                                     | Status: new
Priority: Medium                                 | Milestone:
Component: Applications/Tor Browser              | Version:
Severity: Normal                                 | Resolution:
Keywords: tbb-fingerprinting-os-version, ff31-esr| Actual Points:
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by yawning):
A few notes:
 * A quick check with the browser console gives me the impression that
   simple JS math expressions are evaluated with 64 bit intermediaries (as
   opposed to 80 bit). I am uncertain about the JS JIT behavior.
   (`(1.0 + Number.EPSILON * 0.5) + Number.EPSILON * 0.5`)
 * Assuming calls are made to libm (or equivalent) blindly, the results on
   each system are library version and implementation dependent. A
   particularly egregious example would be the output of
   `double sin(double x);` being flat out wrong for glibc < 2.19 for certain
   values. MS's VC++ runtime is less wrong for a different set of certain
   values, but is still wrong. This probably applies to most transcendental
   functions.
 * Even if we fix the JS that calls into libm, higher level APIs that just
   happen to do math are not guaranteed to give the correct results,
   depending on how the native code it's called into is written or built. If
   we can assume that x87 is never used at all, then we'd still need to check
   for things like `rsqrtss`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13018#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
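
The probe expression from the first note above, worked through as an added example (not part of the ticket or of Tor Browser's code): each addition is redone in exact BigInt arithmetic and rounded to a 53-bit (double) or 64-bit (x87 extended) significand, so both possible results can be compared with what the running engine returns. The helper names and the 2^-80 fixed-point scale are assumptions of this example.

```javascript
// Added example, not code from the ticket. Helper names and SCALE are assumptions.
const SCALE = 80n; // values are held as BigInt integers in units of 2^-80

// Round a positive scaled value to `bits` significant bits, ties to even
// (the IEEE 754 default rounding mode).
function roundToBits(v, bits) {
  const drop = BigInt(v.toString(2).length - bits);
  if (drop <= 0n) return v; // already representable
  const unit = 1n << drop;
  const rem = v % unit;
  const half = unit >> 1n;
  let q = v / unit;
  if (rem > half || (rem === half && (q & 1n) === 1n)) q += 1n;
  return q * unit;
}

// Evaluate (1.0 + EPSILON * 0.5) + EPSILON * 0.5 with each addition rounded to
// `bits` of significand, then stored into a 64-bit double (53 bits).
function probe(bits) {
  const one = 1n << SCALE;
  const halfEps = 1n << (SCALE - 53n); // Number.EPSILON * 0.5 is exactly 2^-53
  const step1 = roundToBits(one + halfEps, bits);
  const step2 = roundToBits(step1 + halfEps, bits);
  return Number(roundToBits(step2, 53)) / 2 ** 80; // both conversions are exact
}

// Compare the engine's own result with the two modelled outcomes.
function classifyNative() {
  const native = (1.0 + Number.EPSILON * 0.5) + Number.EPSILON * 0.5;
  if (native === probe(53)) return "64-bit intermediates";
  if (native === probe(64)) return "80-bit intermediates";
  return "unknown";
}

console.log(probe(53), probe(64), classifyNative());
```

With 53-bit rounding each addition is a tie that rounds back to 1.0; with a 64-bit significand both additions are exact and the stored result is 1 + Number.EPSILON.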