[tor-bugs] #10281 [Firefox Patch Issues]: Investigate usage of alternate memory allocators and memory hardening options
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 3 23:54:27 UTC 2013
#10281: Investigate usage of alternate memory allocators and memory hardening
options
--------------------------------------------+---------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: gitian, tbb-security-hardening | Actual Points:
Parent ID: | Points:
--------------------------------------------+---------------------
One thing we can do to improve security of TBB is to build it with an
alternate semi-hardened malloc implementation that attempts to randomize
the allocation pattern and performs some minimal checks to guard against
heap overflows and reference count issues in Firefox (perhaps by also
enabling some additional reference count debugging features already in
Firefox).

Such allocator behavior may make exploitation of various use-after-free
vulnerabilities more difficult, as it would be harder to predict the
location of reallocated regions during exploitation in order to get a
target object to overlay an incorrectly freed object.

The downside is this will likely come at the performance costs of loss of
locality, increased fragmentation, and additional overhead of reference
count checks, but this may be an acceptable cost for improved hardening
against exploits.

The first question is: are there any existing drop-in replacement memory
allocators we can use in place of Firefox's current jemalloc
implementation?

The second question is: will any of the Firefox refcounting checks actually
help, or will they just increase runtime for no real benefit?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10281>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
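
Added example (not part of the original ticket, and not code from Firefox, jemalloc or any real allocator): a toy fixed-size slot pool that illustrates the reallocation-predictability point in the description. With LIFO reuse, a freed slot goes straight back to the next same-size allocation; picking a random free slot makes that rare. pool_t, SLOTS, the seed and the xorshift PRNG are constructed for the demo; a real hardened allocator would draw from a CSPRNG.

```c
#include <stdint.h>
#include <stdio.h>
#define SLOTS 64                       /* constructed pool size for the demo */

typedef struct {
    int free_list[SLOTS];              /* indices of currently free slots */
    int nfree;
    int randomize;                     /* 0 = LIFO reuse, 1 = random free slot */
    uint32_t rng;                      /* demo PRNG state, NOT a CSPRNG */
} pool_t;

static uint32_t next_rand(pool_t *p) { /* xorshift32: deterministic, demo only */
    p->rng ^= p->rng << 13; p->rng ^= p->rng >> 17; p->rng ^= p->rng << 5;
    return p->rng;
}

void pool_init(pool_t *p, int randomize, uint32_t seed) {
    p->nfree = SLOTS; p->randomize = randomize; p->rng = seed ? seed : 1;
    for (int i = 0; i < SLOTS; i++) p->free_list[i] = i;
}

int pool_alloc(pool_t *p) {            /* returns a slot index, -1 if exhausted */
    if (p->nfree == 0) return -1;
    int pick = p->nfree - 1;           /* LIFO: the most recently freed slot */
    if (p->randomize) pick = (int)(next_rand(p) % (uint32_t)p->nfree);
    int slot = p->free_list[pick];
    p->free_list[pick] = p->free_list[--p->nfree];   /* swap-remove */
    return slot;
}

void pool_free(pool_t *p, int slot) { p->free_list[p->nfree++] = slot; }

/* Free one object, allocate another, count how often it lands on the freed slot. */
int count_immediate_reuse(int randomize, int trials) {
    pool_t p; int hits = 0, live[SLOTS / 2];
    pool_init(&p, randomize, 0x10281u);              /* constructed seed */
    for (int i = 0; i < SLOTS / 2; i++) live[i] = pool_alloc(&p);  /* half-full */
    for (int t = 0; t < trials; t++) {
        int v = t % (SLOTS / 2), freed = live[v];
        pool_free(&p, freed);
        live[v] = pool_alloc(&p);
        if (live[v] == freed) hits++;
    }
    return hits;
}

int main(void) {
    printf("reuse of freed slot: LIFO %d/1000, randomized %d/1000\n",
           count_immediate_reuse(0, 1000), count_immediate_reuse(1, 1000));
    return 0;
}
```

The randomized policy gives up the cache locality of handing back the hottest slot, which is the performance cost the ticket anticipates.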