guardianproject / orbot

The Github home of Orbot: Tor on Android (Also available on gitlab!)
https://gitlab.com/guardianproject/orbot

MTE Fail #1026

Open southwestgit opened 12 months ago

southwestgit commented 12 months ago

Describe the Bug

App fails Android's memory safety test.

To Reproduce

Steps to reproduce the behavior: Start the app with MTE (memory tagging) turned on.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use? None

Smartphone (please complete the following information):

Crash Logs (Advanced)

type: crash
osVersion: google/husky/husky:14/UD1A.231105.004/2023112900:user/release-keys
package: org.torproject.android:1711200302
process: org.torproject.android
processUptime: 0 + 0 ms
installer: dev.imranr.obtainium

signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0

backtrace:
      #00 pc 0000000000985a40  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
      #01 pc 000000000034e198  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000)

Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
LoHub commented 10 months ago

Describe the Bug

App is not runnable on Grapheneos with memory tag protection.

To Reproduce

Enable memory tag protection on GrapheneOS and run app.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use?

GrapheneOS with memory tag protection.

Smartphone (please complete the following information):

type: crash
osVersion: google/shiba/shiba:14/UQ1A.240105.004/2024010400:user/release-keys
uid: 10149 (u:r:untrusted_app_32:s0:c149,c256,c512,c768)
cmdline: org.torproject.android
processUptime: 2062s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
threadName: Thread-8
MTE: enabled

backtrace:
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (pc 34b168)
n8fr8 commented 10 months ago

" /data/app//org.torproject.android-/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)"

seems to be the source of the issue?

eighthave commented 10 months ago

Seems like something to run by core tor devs.

Integral-Tech commented 1 month ago

Any progress on this issue?

tladesignz commented 1 month ago

Looks like the root cause is the Go runtime, which is used for all Pluggable Transports:

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/105

I'm afraid there's currently no other solution than building a version without any Go code. That would mean no bridges, only direct Tor access, which makes it useless for a lot of countries, and no gotun2socks. A C- or JVM-based tun2socks would be needed then.
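The two tombstones above share the markers that identify an MTE tag-check fault rather than an ordinary segfault: SIGSEGV with si_code 9 (SEGV_MTESERR, the synchronous variant; 8 would be SEGV_MTEAERR, asynchronous), a fault address whose bits 59:56 carry the logical tag, and a top frame in a cgo-generated symbol. The following Go program is an added triage helper, not code from this thread, from Orbot or from the Tor project. It parses both header layouts seen above (`fault addr 0x...` from the first report and `faultAddr ...` from the second), extracts the tag, and lists any `_cgo_*` frames so a report can be quickly attributed to the Go runtime's native side. The regular expressions are written against exactly these two layouts, and the two sample inputs are the reports quoted above; both are assumptions about the format, not a general tombstone parser.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Linux si_code values for SIGSEGV raised by an MTE tag-check fault.
const (
	segvMTEAERR = 8 // asynchronous tag-check fault
	segvMTESERR = 9 // synchronous tag-check fault (what both reports show)
)

// MTEFault summarises the MTE-relevant fields of one crash report.
type MTEFault struct {
	Signal    int
	Code      int
	CodeName  string
	FaultAddr uint64
	Tag       uint8    // logical tag: bits 59:56 of the fault address
	Sync      bool     // true for SEGV_MTESERR, false for SEGV_MTEAERR
	CgoFrames []string // symbols in the backtrace generated by cgo
}

// sigLine matches both header layouts quoted in the thread (assumption):
//   "signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0"
//   "signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0"
var sigLine = regexp.MustCompile(
	`signal:?\s+(\d+)\s+\((\w+)\),\s+code\s+(\d+)\s+\((\w+)\),\s+fault\s?[aA]ddr\s+(?:0x)?([0-9a-fA-F]+)`)

// cgoFrame picks "(_cgo_<hash>_Cfunc_<name>+<off>)" symbols out of the backtrace.
var cgoFrame = regexp.MustCompile(`\((_cgo_[A-Za-z0-9_]+)\+`)

// ParseTombstone returns the MTE summary of a report, or an error when the
// report is not an MTE tag-check fault at all (e.g. a plain SEGV_MAPERR).
func ParseTombstone(text string) (*MTEFault, error) {
	m := sigLine.FindStringSubmatch(text)
	if m == nil {
		return nil, fmt.Errorf("no recognisable signal line")
	}
	sig, _ := strconv.Atoi(m[1])
	code, _ := strconv.Atoi(m[3])
	if sig != 11 || (code != segvMTEAERR && code != segvMTESERR) {
		return nil, fmt.Errorf("not an MTE fault: signal %d, code %d (%s)", sig, code, m[4])
	}
	addr, err := strconv.ParseUint(m[5], 16, 64)
	if err != nil {
		return nil, fmt.Errorf("bad fault address %q: %v", m[5], err)
	}
	f := &MTEFault{
		Signal:    sig,
		Code:      code,
		CodeName:  m[4],
		FaultAddr: addr,
		Tag:       uint8((addr >> 56) & 0xF),
		Sync:      code == segvMTESERR,
	}
	for _, fm := range cgoFrame.FindAllStringSubmatch(text, -1) {
		f.CgoFrames = append(f.CgoFrames, fm[1])
	}
	return f, nil
}

// The two reports from this issue, embedded as sample input.
const Report1 = `signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0
backtrace:
      #00 pc 0000000000985a40  base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
      #01 pc 000000000034e198  base.apk (offset 0x46e000)`

const Report2 = `signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
threadName: Thread-8
MTE: enabled
backtrace:
    base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
    base.apk (pc 34b168)`

func main() {
	for _, r := range []string{Report1, Report2} {
		f, err := ParseTombstone(r)
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		fmt.Printf("%s sync=%v addr=0x%016x tag=%d cgo=%v\n",
			f.CodeName, f.Sync, f.FaultAddr, f.Tag, f.CgoFrames)
	}
}
```

Run as-is to see both reports classified as synchronous tag-check faults with tags 3 and 1 and the same cgo frame; a report with code 1 (SEGV_MAPERR) is rejected, which is the check that separates this issue from a garden-variety null dereference.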