On Sat, Aug 17, 2019 at 03:06:04PM +0000, procmem@riseup.net wrote:
Question for the Tor Browser experts. Do you know if it is possible to remotely fingerprint the browser based on the memory allocator it is using? (via JS or content rendering)
We are thinking of switching Tor Browser to use the minimalist and security-oriented hardened_malloc written by Daniel Micay. Thanks.
Full disclosure: I'm not well versed in TBB's features, and especially these kinds of low-level details. I'm a newb who loves to learn. :)
Does Firefox (and/or TBB) have a method for selecting alternate memory allocators? If so, is the method compile-time or run-time?
Thinking out loud. My newbishness is gonna show:
It would be very interesting to see support for selecting the allocator at runtime (perhaps requiring a restart of Firefox to activate switching). Each allocator will perform differently on each OS, especially with regard to memory safety (ASR versus ASLR, per-boot randomization versus per-execve, different implementations of memory guards, etc.).
Having the heap implementation selectable at runtime would enable users to make the determination for themselves, while also making future integration efforts easier through modularization/abstraction APIs (I'm making a silly, naive, and likely wrong, assumption that such APIs don't already exist).
I hope I'm not coming off as "hey, do this." I'm just thinking out loud in an admittedly naive fashion.
Anyone have any thoughts?
PS: I find Daniel's hardened_malloc project very interesting. I hope to someday provide integration with it directly in HardenedBSD. In a similar vein as what you're thinking, even.
It would be interesting to see how OS fingerprinting changes as different alternate implementations of various OS components (heap implementations, LibreSSL versus OpenSSL, etc.) affect OS fingerprinting at an application level (via JS, content rendering, or otherwise).
Thanks,