MTE Fail

Open southwestgit opened this issue 7 months ago • 3 comments

Describe the Bug

App fails Android's memory safety test.

To Reproduce

Steps to reproduce the behavior: Start the app with MTE (memory tagging) turned on.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use?

None

Smartphone (please complete the following information):

  • Device: [e.g. Pixel 8] Pixel 8 Pro
  • OS: [e.g. Android 14] Android 14
  • Version: [e.g. v17.1 RC 2] UD1A.231105.004

Crash Logs (Advanced)

type: crash
osVersion: google/husky/husky:14/UD1A.231105.004/2023112900:user/release-keys
package: org.torproject.android:1711200302
process: org.torproject.android
processUptime: 0 + 0 ms
installer: dev.imranr.obtainium

signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0

backtrace:
      #00 pc 0000000000985a40  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
      #01 pc 000000000034e198  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000)

Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports


southwestgit avatar Dec 01 '23 05:12 southwestgit

Describe the Bug

App is not runnable on GrapheneOS with memory tag protection.

To Reproduce

Enable memory tag protection on GrapheneOS and run app.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use?

GrapheneOS with memory tag protection.

Smartphone (please complete the following information):

  • Device: [e.g. Pixel 8] Pixel 8
  • OS: [e.g. Android 14] Android 14
  • Version: [e.g. v17.1 RC 2] v17 RC 1 (tor 0.4.8.7)

type: crash
osVersion: google/shiba/shiba:14/UQ1A.240105.004/2024010400:user/release-keys
uid: 10149 (u:r:untrusted_app_32:s0:c149,c256,c512,c768)
cmdline: org.torproject.android
processUptime: 2062s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
threadName: Thread-8
MTE: enabled

backtrace:
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (pc 34b168)

LoHub avatar Jan 11 '24 21:01 LoHub

" /data/app//org.torproject.android-/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)"

seems to be the source of the issue?

n8fr8 avatar Jan 12 '24 13:01 n8fr8

Seems like something to run by core tor devs.

eighthave avatar Jan 15 '24 13:01 eighthave
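
A triage sketch for the two crash reports in this thread, added here as an example and not part of the issue or of Orbot's code: it decodes the signal code, separates the MTE tag from the fault address, and checks whether both reports fault at the same cgo frame. It assumes the reported fault address still carries the pointer tag in bits 59:56; `triage` and `same_fault_site` are hypothetical names, and the sample lines are copied from the reports above with the APK paths shortened.

```python
import re

# Sample input: signal line and top frame from each report above, APK paths shortened.
REPORTS = {
    "southwestgit": (
        "signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0\n"
        "#00 pc 0000000000985a40  base.apk (offset 0x46e000) "
        "(_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)\n"
    ),
    "LoHub": (
        "signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0\n"
        "base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)\n"
    ),
}

# Linux si_code values for MTE tag-check faults delivered as SIGSEGV.
MTE_CODES = {8: "asynchronous", 9: "synchronous"}

SIGNAL_RE = re.compile(
    r"signal:?\s+(\d+)\s+\((\w+)\),\s+code\s+(\d+)\s+\((\w+)\),"
    r"\s+fault\s?addr\s+(?:0x)?([0-9a-f]+)", re.I)
FRAME_RE = re.compile(r"\((\w+)\+(\d+)[,)]")  # first "(symbol+offset" in the backtrace


def triage(report):
    """Return the fields needed to compare MTE crash reports, or None."""
    sig = SIGNAL_RE.search(report)
    if sig is None:
        return None
    addr = int(sig.group(5), 16)
    frame = FRAME_RE.search(report, sig.end())
    symbol = frame.group(1) if frame else None
    return {
        "signal": sig.group(2),
        "mte_mode": MTE_CODES.get(int(sig.group(3))) if sig.group(2) == "SIGSEGV" else None,
        "pointer_tag": (addr >> 56) & 0xF,        # assumption: tag kept in bits 59:56
        "untagged_addr": addr & ((1 << 56) - 1),  # address with the top byte cleared
        "symbol": symbol,
        "offset": int(frame.group(2)) if frame else None,
        "in_cgo_stub": bool(symbol and symbol.startswith("_cgo_")),
    }


def same_fault_site(a, b):
    """True when two triaged reports fault at the same symbol+offset."""
    return a["symbol"] is not None and (a["symbol"], a["offset"]) == (b["symbol"], b["offset"])
```

Run on the two reports, it returns the same symbol and offset for both, with pointer tags 3 and 1.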