How to defend from a Chrome 0day exploit?
-> Use Firefox ASan build.
Linux: firefox-ci-tc.services.mozilla.com/api/index/v1/t
Windows: firefox-ci-tc.services.mozilla.com/api/index/v1/t
Conversation
Replying to
ASan detects memory accesses outside of valid allocations rather than preventing exploitation which involves overwriting data within memory allocations. It adds substantial attack surface too. It's not an exploit mitigation and doesn't provide any kind of actual memory safety.
1
Replying to
You should read newer information including on the value that ASan provides for an attacker, including from people who work on it. There are substantial drawbacks to using it. It's not simply a way of getting some weak memory protections. It causes substantial harm too.
1
2
Replying to
could you please share us further details to support your claims? you mentioned about those 'values' and 'substantial harm'? would that affect the FF ASan build?
2
Replying to
You're proposing doing something that was temporarily adopted by the Tor Project for a variant of the Tor Browser and then later determined to be a mistake. It has been consistently recommended against by researchers and the developers of ASan. You can do what you want though.
1
1
... you see, you cant just keep saying something without any proper sources.
I get what you want to say but you also need to provide something that makes people to understand your claims.
1
Replying to
I told you that you should read newer information from security researchers, ASan developers and take a look at how the Tor Project misused it for this and then determined it was a bad idea.
ASan makes you lose mitigations. It's not simply adding checks. You're removing security features in order to use it.
It logs errors by default and then continues on since it's a debugging tool. It can be configured set to stop after reporting an error but it's not the default.
1
1
UBSan in Clang (not GCC) is reasonable to use in production. ShadowCallStack (arm64 only) and the entire CFI feature were built for production usage and make a lot of sense to use globally. It requires work though.
1
1
Show replies
Replying to
finished reading your comments in that thread and also there seem to be interesting posts with how people exploit with ASan build. Thanks for sharing. well. I think it is up to others to whether to use or not to use. I would still stick with the daily updated ASan build for now.
1
the way it is exploited is pretty unlikely for some attacker to even care for the ASan build when targets are mostly sticked on a stable build.
I get it, thanks for sharing.
1
Show replies