[tor-bugs] #12820 [Tor Browser]: Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 3 17:24:42 UTC 2016
#12820: Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience
Toolkit)
-------------------------------------------+--------------------------
Reporter: mikeperry | Owner: erinn
Type: project | Status: accepted
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-security, tbb-isec-report | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------------------------+--------------------------
Comment (by cypherpunks):
I use
{{{#!xml
<EMET Version="5.5.5871.31890">
<EMET_Apps>
<AppConfig Path="*\Browser" Executable="firefox.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true">
<eaf_modules>mozjs.dll;xul.dll</eaf_modules>
</Mitigation>
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx;njpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll;vbscript.dll</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\Browser" Executable="plugin-container.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx;njpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll;vbscript.dll</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\Tor" Executable="tor.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
</EMET_Apps>
</EMET>
}}}
and this doesn't work for firefox :(, but works for Tor.
I lso worrying about the fact that MS EMET is a proprietary software
(though its .Net part is quite analyzable)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12820#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list