On Fri, 07 May 2010 15:15:07 +0200, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:

> Hi,
>
> I've pushed a new git branch 'compileTimeHardening' out to my git
> repo. I've also attached a patch for those that are git averse.
> Either way, apply the patch to your current Tor master sources and
> you should be in good shape.
>
> You can use it like so:
>
>   ./autogen.sh && ./configure --enable-gcc-warnings \
>     --enable-gcc-hardening --enable-linker-hardening && \
>     make && sudo make install
>
> The end result on Debian Lenny is a slightly hardened build when
> checked with checksec.sh[0].
>
> This is weasel's build on my x86 machine:
>
>   RELRO           STACK CANARY      NX            PIE
>   Partial RELRO   Canary found      NX enabled    PIE enabled
>
> This is a build with my new options on the same machine:
>
>   RELRO           STACK CANARY      NX            PIE
>   Full RELRO      Canary found      NX enabled    PIE enabled
>
> This is a build without my new options on the same machine:
>
>   RELRO           STACK CANARY      NX            PIE
>   No RELRO        No canary found   NX enabled    No PIE
>
> This seems like a useful improvement for people building from source.
>
> The gcc hardening flag works on Mac OS X. The linker hardening is
> specific to the ELF binary format and does not work on Mac OS X. So on
> Mac OS X, only use '--enable-gcc-hardening' and not
> '--enable-linker-hardening' for your builds.
>
> Checksec doesn't work on Mac OS X. It does appear to be possible to
> check if a binary has a stack canary by doing the following (using Mac
> OS X 10.6.3 here):
>
>   nm /bin/ls | grep "chk_guard"
>
> You should see something like this:
>
>   U ___stack_chk_guard
>
> Also, you can check by looking for the following with otool on Mac OS
> X:
>
>   otool -tvV /bin/ls | grep "___stack_chk_fail"
>
> You should see something like this:
>
>   00004bf7 calll 0x00005468 ; symbol stub for: ___stack_chk_fail
>
> If you look at /Applications/Vidalia.app/Contents/MacOS/tor, you will
> not see those protections at the moment. I think we can improve our
> shipping Mac OS X binaries by enabling these protections. The PIE
> protections won't really matter until Apple fixes their platform
> (perhaps in 10.7?!); still it's nice to be ready and this patch
> provides that too.
>
> It appears that FORTIFY_SOURCE is on by default on Mac OS X. We don't
> currently build Tor on Mac OS X with stack canaries though, so we're
> improving Tor's security on Mac OS X. It may not be possible to do
> this for all versions of Mac OS X - I suspect that Apple may disable
> some or all protections to make a binary more compatible with
> different Mac OS X versions.
>
> It would be useful to get some extra testing on other platforms; is
> anyone working with Windows building and interested in testing this? I
> also left a comment in the patch for hardening flags that would be
> useful with a non-gcc compiler on Windows.
>
> There is some performance cost to running Tor with these security
> enhancements. Debian already runs with most of the run time checks and
> the relays on Debian appear to be just fine. The only real enhancement
> for Linux systems is a startup time cost to gain protection from
> GOT/PLT overwrites (if you're already using Weasel's packages). If
> you're merely building from source on any of the supported platforms,
> it's a huge gain.
>
> I think this option should be enabled by default at some point in the
> future but probably not until we have a reasonably exhaustive list of
> information for our major platforms. After we have a little testing
> from Tor developers, I'll ask on or-talk for some testers.
>
> It would be nice to have it merged into master as an optional option
> soon though. Roger seemed to think this was a fine idea. I think it
> may encourage people to try it out and to help us decide if it's worth
> applying as a build default.
>
> All the best,
> Jacob
>
> [0] http://www.trapkit.de/tools/checksec.html

Hello Jacob,

I run a Linux OS, but it would be great to have some info about what
these features are. So far, with my knowledge, it means nothing... So
any details are welcome :P

Best regards
SWissTorExit
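
The four checksec columns in the quoted message map onto specific ELF fields, which the example below classifies from readelf text. It is an added illustration, not part of either message and not checksec.sh's own code; the function names, the "DSO" label, the DT_DEBUG heuristic and the sample readelf lines are assumptions constructed for it.

```shell
#!/bin/sh
# Added example. Inputs are readelf text; for a real ELF binary BIN:
#   hdr=$(readelf -h BIN)     ph=$(readelf -W -l BIN)
#   dyn=$(readelf -W -d BIN)  sym=$(readelf -W -s BIN)
relro_status() {  # $1=ph $2=dyn
    if ! printf '%s\n' "$1" | grep -q 'GNU_RELRO'; then
        echo "No RELRO"        # GOT is never remapped read-only
    elif printf '%s\n' "$2" | grep -Eq 'BIND_NOW|FLAGS_1.*NOW'; then
        echo "Full RELRO"      # -z relro -z now: all of the GOT read-only
    else
        echo "Partial RELRO"   # -z relro only: lazy-bound GOT stays writable
    fi
}

canary_status() {  # $1=sym; -fstack-protector imports __stack_chk_fail
    if printf '%s\n' "$1" | grep -q '__stack_chk_fail'; then
        echo "Canary found"
    else
        echo "No canary found"
    fi
}

# $1=ph. An E flag on GNU_STACK means an executable stack. A missing
# header is reported as disabled too (conservative choice of this example).
nx_status() {
    printf '%s\n' "$1" | awk '
        /GNU_STACK/ { seen = 1; $1 = ""; gsub(/0x[0-9a-fA-F]+/, "")
                      if ($0 ~ /E/) wx = 1 }
        END { print ((seen && !wx) ? "NX enabled" : "NX disabled") }'
}

pie_status() {  # $1=hdr $2=dyn
    if printf '%s\n' "$1" | grep -Eq 'Type:[[:space:]]*EXEC'; then
        echo "No PIE"          # ET_EXEC: fixed load address
    elif printf '%s\n' "$2" | grep -q '(DEBUG)'; then
        echo "PIE enabled"     # ET_DYN with DT_DEBUG: heuristic for a PIE
    else
        echo "DSO"             # ET_DYN without DT_DEBUG: shared library
    fi
}

# Constructed sample input (not taken from a real Tor build)
HDR='  Type:                              DYN (Shared object file)'
PH='  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
  GNU_RELRO      0x0f2ef0 0x000f3ef0 0x000f3ef0 0x01110 0x01110 R   0x1'
DYN=' 0x00000015 (DEBUG)                      0x0
 0x00000018 (BIND_NOW)'
SYM='     9: 00000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)'
printf '%s | %s | %s | %s\n' "$(relro_status "$PH" "$DYN")" \
    "$(canary_status "$SYM")" "$(nx_status "$PH")" "$(pie_status "$HDR" "$DYN")"
```

The Partial versus Full RELRO difference is the "startup time cost to gain protection from GOT/PLT overwrites" the quoted message mentions: binding every symbol at load time lets the GOT be made read-only before the program runs.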