[tor-bugs] #12820 [Tor Browser]: Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 3 17:24:42 UTC 2016


#12820: Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience
Toolkit)
-------------------------------------------+--------------------------
 Reporter:  mikeperry                      |          Owner:  erinn
     Type:  project                        |         Status:  accepted
 Priority:  Medium                         |      Milestone:
Component:  Tor Browser                    |        Version:
 Severity:  Major                          |     Resolution:
 Keywords:  tbb-security, tbb-isec-report  |  Actual Points:
Parent ID:                                 |         Points:
  Sponsor:                                 |
-------------------------------------------+--------------------------

Comment (by cypherpunks):

 I use
 {{{#!xml
 <EMET Version="5.5.5871.31890">
   <EMET_Apps>
     <AppConfig Path="*\Browser" Executable="firefox.exe">
       <Mitigation Name="DEP" Enabled="true" />
       <Mitigation Name="SEHOP" Enabled="true" />
       <Mitigation Name="NullPage" Enabled="true" />
       <Mitigation Name="HeapSpray" Enabled="true" />
       <Mitigation Name="EAF" Enabled="true" />
       <Mitigation Name="EAF+" Enabled="true">
         <eaf_modules>mozjs.dll;xul.dll</eaf_modules>
       </Mitigation>
       <Mitigation Name="MandatoryASLR" Enabled="true" />
       <Mitigation Name="BottomUpASLR" Enabled="true" />
       <Mitigation Name="LoadLib" Enabled="true" />
       <Mitigation Name="MemProt" Enabled="true" />
       <Mitigation Name="Caller" Enabled="true" />
       <Mitigation Name="SimExecFlow" Enabled="true" />
       <Mitigation Name="StackPivot" Enabled="true" />
       <Mitigation Name="ASR" Enabled="true">
 <asr_modules>flash*.ocx;njpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll;vbscript.dll</asr_modules>
       </Mitigation>
     </AppConfig>
     <AppConfig Path="*\Browser" Executable="plugin-container.exe">
       <Mitigation Name="DEP" Enabled="true" />
       <Mitigation Name="SEHOP" Enabled="true" />
       <Mitigation Name="NullPage" Enabled="true" />
       <Mitigation Name="HeapSpray" Enabled="true" />
       <Mitigation Name="EAF" Enabled="true" />
       <Mitigation Name="EAF+" Enabled="true" />
       <Mitigation Name="MandatoryASLR" Enabled="true" />
       <Mitigation Name="BottomUpASLR" Enabled="true" />
       <Mitigation Name="LoadLib" Enabled="true" />
       <Mitigation Name="MemProt" Enabled="true" />
       <Mitigation Name="Caller" Enabled="true" />
       <Mitigation Name="SimExecFlow" Enabled="true" />
       <Mitigation Name="StackPivot" Enabled="true" />
       <Mitigation Name="ASR" Enabled="true">
 <asr_modules>flash*.ocx;njpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll;vbscript.dll</asr_modules>
       </Mitigation>
     </AppConfig>
     <AppConfig Path="*\Tor" Executable="tor.exe">
       <Mitigation Name="DEP" Enabled="true" />
       <Mitigation Name="SEHOP" Enabled="true" />
       <Mitigation Name="NullPage" Enabled="true" />
       <Mitigation Name="HeapSpray" Enabled="true" />
       <Mitigation Name="EAF" Enabled="true" />
       <Mitigation Name="EAF+" Enabled="true" />
       <Mitigation Name="MandatoryASLR" Enabled="true" />
       <Mitigation Name="BottomUpASLR" Enabled="true" />
       <Mitigation Name="LoadLib" Enabled="true" />
       <Mitigation Name="MemProt" Enabled="true" />
       <Mitigation Name="Caller" Enabled="true" />
       <Mitigation Name="SimExecFlow" Enabled="true" />
       <Mitigation Name="StackPivot" Enabled="true" />
       <Mitigation Name="ASR" Enabled="false" />
     </AppConfig>
   </EMET_Apps>
 </EMET>
 }}}
 and this doesn't work  for firefox :(, but works for Tor.

 I lso worrying about the fact that MS EMET is a proprietary software
 (though its .Net part is quite analyzable)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12820#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list