[tbb-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 20 06:27:07 UTC 2017
#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Old description:
> I think we may be able to add some configure/compiler/linker flags in Tor
> Browser that can improve security without many downsides. Let's figure
> out what those are and add them. I would suggest child tickets for each
> new flag, so we can do this step by step.
New description:
I think we may be able to add some configure/compiler/linker flags in Tor
Browser that can improve security without many downsides. Let's figure out
what those are and add them.
--
Comment (by arthuredelstein):
Here are my thoughts for flags we can add to the gcc-based builds (Linux
and mingw). (I think we should be able to add similar flags to the clang
based builds -- I will look into that after we settle on flags to add to
gcc.)
{{{
-Werror=format
-Werror=format-security
-fstack-protector-strong
--param ssp-buffer-size=4
-pie -fPIE
-D_FORTIFY_SOURCE=2 -O1
-Wl,-z,relro,-z,now
-ftrapv
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list