[tor-bugs] #12427 [Tor Browser]: Investigate Virtual Table Verification (VTV) hardening for Tor Browser on Linux and Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 12 16:28:57 UTC 2014
#12427: Investigate Virtual Table Verification (VTV) hardening for Tor Browser on
Linux and Windows
-----------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by tom):
Another feature of GCC 4.9 to investigate is the 'final' optimization, and
if this can be automatically applied to classes. 'final' is a security
feature hiding inside an optimization: By optimizing out vtable calls you
can make it harder to exploit UAFs.
More info:
* http://stackoverflow.com/questions/7538820/how-does-the-compiler-
benefit-from-cs-new-final-keyword
* http://media.blackhat.com/bh-
us-12/Briefings/M\_Miller/BH\_US\_12\_Miller\_Exploit\_Mitigation\_Slides.pdf
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12427#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list