[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them



#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 After a lot of experimentation, I opened #23024 and #23025 to add some
 extra hardening flags for Windows and Mac respectively. In the meantime I
 also found several promising flags didn't work after all:

 Windows (mingw cross-compile):
  * `-z,relro,-z,now` fails (is there an equivalent flag for Windows
 binaries?)
  * `Werror=format` throws errors (around uses of `%lld`)
  * `-fstack-protector-strong`
 [https://sourceforge.net/p/mingw-w64/discussion/723798/thread/de524c41/
 didn't build]; in #23024 I propose trying `-fstack-protector-all` instead.

 macOS (clang-based cross compile):
  * `-z,relro,-z,now` fails (is there an equivalent flag for Mac binaries?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs