Re: [tor-bugs] #23024 [Applications/Tor Browser]: Flags to increase hardening on Windows
#23024: Flags to increase hardening on Windows
--------------------------------------+--------------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201707 | Actual Points:
Parent ID: #21448 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------------
Comment (by cypherpunks):
Replying to [comment:1 arthuredelstein]:
> However, a Windows Tor Browser built with this patch (using `-fstack-protector-all`) doesn't seem subjectively slower to me, so I would suggest trying this on the alpha, at least until we have a solution for `-fstack-protector-strong` on mingw-w64.
Also you can copy https://dxr.mozilla.org/mozilla-esr52/source/old-configure.in#957 to `*-mingw*)` section to gain parity with Linux.
Replying to [comment:4 gk]:
> I tested `-fstack-protector-strong` on top of the latest `tor-browser-bundle` commit. And the compilation worked as expected. Is that a `tor-browser-build` issue? Or maybe the GCC version bump (tor 5.4.0) resolved this problem?
tor 5.4.0 from 2540 :) Try with `--disable-auto-import` for fun :)
> Regarding fortify source: Have you checked whether the `_chk` part is actually there after compiling with `-D_FORTIFY_SOURCE=2`? Because it does not seem to be the case. Doing a
> {{{
> i686-w64-mingw32-nm -C firefox.exe | grep strcpy
> }}}
> after compiling with the flags in your patch does only give me a
> {{{
> 0041b3f4 I _imp__strcpy
> 00413320 T strcpy
> }}}
> (Note: In order to check it the way I did you need to compile the browser part with `--disable-strip` and `--disable-install-strip`)
>
> Assuming I am not mistaken then the likely root cause of this problem is a GCC bug which the RedHat people are tracking in https://bugzilla.redhat.com/show_bug.cgi?id=1324759.
This is https://bugzilla.mozilla.org/show_bug.cgi?id=1359908
You also need something to:
1. check your flags passed and applied properly
2. check features compiled properly
3. check features work properly
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23024#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
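
The symbol-table check quoted above (`nm | grep strcpy`) can be turned into a repeatable test for the second item in the list, "check features compiled properly". The script below is an added example, not part of the ticket or of any Tor Browser build script: it reads `nm` output and reports whether GCC's `__stack_chk_*` and `__*_chk` symbols are present. The function name `hardening_report`, the `NM` variable and the list of libc functions it looks for are assumptions made for this example.

```shell
#!/bin/sh
# Added example: reads `nm` output on stdin and reports whether the stack
# protector and _FORTIFY_SOURCE left traces in the symbol table.
hardening_report() {
    awk '
    BEGIN {
        # Functions assumed (for this example) to have a __NAME_chk variant.
        n = split("memcpy memmove memset strcpy strncpy strcat strncat sprintf snprintf", want, " ")
    }
    {
        base = $NF                  # symbol name is the last nm field
        sub(/^_+imp_/, "", base)    # Windows import thunk prefix
        sub(/^_+/, "", base)        # leading underscores (i686 adds one more)
        if (base ~ /^stack_chk_/)  ssp = 1          # __stack_chk_fail / _guard
        else if (base ~ /_chk$/)   fortified = 1    # e.g. __strcpy_chk
        else                       seen[base] = 1
    }
    END {
        plain = ""
        for (i = 1; i <= n; i++)
            if (want[i] in seen) plain = plain (plain == "" ? "" : ",") want[i]
        print "stack-protector=" (ssp ? "present" : "absent")
        print "fortify=" (fortified ? "present" : "absent")
        # Plain calls next to _chk symbols are normal; they only matter
        # when fortify is reported as absent.
        print "plain-calls=" (plain == "" ? "none" : plain)
    }'
}

# Stand-alone use: NM=i686-w64-mingw32-nm sh check.sh firefox.exe
# (the binary must be built unstripped, as noted in the ticket)
if [ "$#" -gt 0 ]; then
    "${NM:-nm}" -C "$1" | hardening_report
fi
```

Fed the two `nm` lines quoted in the ticket, it reports `fortify=absent` with `plain-calls=strcpy`. A symbol check like this covers only whether the features were compiled in, not whether the flags reached the compiler or whether the checks fire at run time.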