[tbb-bugs] #10599 [Tor Browser]: Investigate building TBB with SoftBound or AddressSanitizer
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 24 13:44:55 UTC 2015
#10599: Investigate building TBB with SoftBound or AddressSanitizer
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
mikeperry | Status: new
Type: | Milestone:
enhancement | Version:
Priority: major | Keywords: gitian, tbb-security, tbb-gitian,
Component: Tor | TorBrowserTeam201509, GeorgKoppen201509
Browser | Parent ID:
Resolution: |
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
Suppose you start building a hardened tor in a gitian environment with GCC
5.1.0. Soon, you'll see the configure step is failing. Upon inspection of
the `config.log` you'll see something like
{{{
==15310==ASan runtime does not come first in initial library list; you
should either link runtime to your application or manually preload it with
LD_PRELOAD.
}}}
Your first thought is "Damn, libfaketime again!", right? If so, good,
because that is indeed the issue. If not you are probably trying to
compile it locally where this is working. Then you try using `LD_PRELOAD`
as the error message is advising but the build is failing even earlier.
So, searching a bit you'll find https://www.mail-archive.com/address-
sanitizer at googlegroups.com/msg00591.html and concerns of GCC devs about
this feature (https://gcc.gnu.org/ml/gcc-patches/2014-05/msg01919.html).
Still puzzled you log into the Gitian VM directly and re-run the build.
Now it is not failing. Could be a Gitian bug, right? So copying the build
script manually into the VM and making sure it gets exactly executed in
the same way rules this issue out. And now upon rethinking the problem
"libfaketime!" pops up in your mind and, Bingo!, that's it.
I think we should just comment out the `Die()` call in asan_linux.cc as
done in the attached patch.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list