Re: [tor-bugs] #16352 [Applications/Tor Browser]: Play with Intel's MPX for hardened Tor Browser builds
#16352: Play with Intel's MPX for hardened Tor Browser builds
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201711 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
------------------------------------------------+--------------------------
Comment (by arthuredelstein):
Here's what I have done with MPX so far:
I have been using an MPX-supporting VPS and confirmed with a simple test
program that `gcc -fcheck-pointer-bounds -mmpx` produces a binary that
catches heap buffer overflows at runtime. Using CFLAGS and CXXFLAGS in
mozconfig, and upgrading to the latest version of the gold linker, I built
a big part of Firefox 52 using the same flags.
But I'm currently running into the following error, which occurs only when
the `-fcheck-pointer-bounds` flag is present in CFLAGS:
{{{
2:46.68 ../../../../build/unix/gold/ld: error: /home/arthur/tor-browser/obj-x86_64-pc-linux-gnu/config/external/nspr/pr/pripv6.o: requires dynamic R_X86_64_PC32 reloc against '_pr_test_ipv6_socket' which may overflow at runtime; recompile with -fPIC
2:46.68 ../../../../build/unix/gold/ld: error: /home/arthur/tor-browser/obj-x86_64-pc-linux-gnu/config/external/nspr/pr/pratom.o: requires dynamic R_X86_64_PC32 reloc against '_PR_x86_64_AtomicAdd' which may overflow at runtime; recompile with -fPIC
2:46.68 ../../../../build/unix/gold/ld: error: read-only segment has dynamic relocations
2:46.68 collect2: error: ld returned 1 exit status
2:46.68 /home/arthur/tor-browser/config/rules.mk:800: recipe for target 'libnspr4.so' failed
2:46.68 make[5]: *** [libnspr4.so] Error 1
2:46.68 make[5]: Leaving directory '/home/arthur/tor-browser/obj-x86_64-pc-linux-gnu/config/external/nspr/pr'
2:46.68 /home/arthur/tor-browser/config/recurse.mk:71: recipe for target 'config/external/nspr/pr/target' failed
2:46.68 make[4]: *** [config/external/nspr/pr/target] Error 2
}}}
I've tried a number of things to fix this error, including adding `-fPIC`
to CFLAGS as well as NSPR_CFLAGS, but so far nothing has succeeded. I plan
to continue to try to fix this bug and any remaining errors that turn up
in the build, and then it should be possible to implement a patch for
tor-browser-build.git.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16352#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
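
For reference, a software model of the check an MPX-instrumented store performs on a heap buffer, as an added example that is not part of the original message and is not the test program it mentions. It builds with any C compiler and needs no MPX hardware; `struct bounds`, `checked_store` and `heap_write_case` are hypothetical names, and the mapping to the BNDMK/BNDCL/BNDCU instructions is a simplification.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounds recorded for a pointer when it is created (the role of BNDMK). */
struct bounds {
    uintptr_t lower; /* address of the first valid byte */
    uintptr_t upper; /* address of the last valid byte, inclusive */
};

static struct bounds make_bounds(const void *base, size_t size)
{
    struct bounds b = { (uintptr_t)base, (uintptr_t)base + size - 1 };
    return b;
}

/* Stores len bytes only if the whole range lies inside the bounds.
   Returns 0 on success, -1 on a violation (memory is left untouched).
   Models the BNDCL (lower) and BNDCU (upper) checks placed before a store. */
static int checked_store(struct bounds b, char *dst, const void *src, size_t len)
{
    uintptr_t first = (uintptr_t)dst;
    if (len == 0) return 0;
    if (first < b.lower || first > b.upper) return -1; /* start outside object */
    if (len - 1 > b.upper - first) return -1;          /* end past upper bound */
    memcpy(dst, src, len);
    return 0;
}

/* Allocates `alloc` bytes and attempts to write `n` bytes at `offset`.
   Returns 0 if accepted, -1 if the bounds check rejected the write,
   -2 for arguments this demo does not handle or allocation failure. */
int heap_write_case(size_t alloc, size_t offset, size_t n)
{
    static const char pattern[64] = "constructed sample data";
    char *buf;
    int rc;
    if (alloc == 0 || offset > alloc || n > sizeof pattern) return -2;
    buf = malloc(alloc);
    if (!buf) return -2;
    rc = checked_store(make_bounds(buf, alloc), buf + offset, pattern, n);
    free(buf);
    return rc;
}

int main(void)
{
    printf("16 bytes into 16: %d\n", heap_write_case(16, 0, 16)); /* in bounds */
    printf("17 bytes into 16: %d\n", heap_write_case(16, 0, 17)); /* off by one */
    return 0;
}
```

In an MPX build the compiler emits these checks itself and a violation raises a #BR exception instead of returning an error code.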