[tbb-bugs] #10599 [Tor Browser]: Investigate building TBB with SoftBound or AddressSanitizer

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 24 13:44:55 UTC 2015 

#10599: Investigate building TBB with SoftBound or AddressSanitizer
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  major    |   Keywords:  gitian, tbb-security, tbb-gitian,
    Component:  Tor      |  TorBrowserTeam201509, GeorgKoppen201509
  Browser                |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 Suppose you start building a hardened tor in a gitian environment with GCC
 5.1.0. Soon, you'll see the configure step is failing. Upon inspection of
 the `config.log` you'll see something like
 {{{
 ==15310==ASan runtime does not come first in initial library list; you
 should either link runtime to your application or manually preload it with
 LD_PRELOAD.
 }}}
 Your first thought is "Damn, libfaketime again!", right? If so, good,
 because that is indeed the issue. If not you are probably trying to
 compile it locally where this is working. Then you try using `LD_PRELOAD`
 as the error message is advising but the build is failing even earlier.
 So, searching a bit you'll find https://www.mail-archive.com/address-
 sanitizer at googlegroups.com/msg00591.html and concerns of GCC devs about
 this feature (https://gcc.gnu.org/ml/gcc-patches/2014-05/msg01919.html).

 Still puzzled you log into the Gitian VM directly and re-run the build.
 Now it is not failing. Could be a Gitian bug, right? So copying the build
 script manually into the VM and making sure it gets exactly executed in
 the same way rules this issue out. And now upon rethinking the problem
 "libfaketime!" pops up in your mind and, Bingo!, that's it.

 I think we should just comment out the `Die()` call in asan_linux.cc as
 done in the attached patch.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list