[tbb-bugs] #20361 [Applications/Tor Browser]: Investigate CFI means for usage in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 9 05:48:05 UTC 2017

#20361: Investigate CFI means for usage in Tor Browser
 Reporter:  gk                          |          Owner:  tbb-team
     Type:  task                        |         Status:  new
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:

Comment (by cypherpunks):

 It's important to understand that Clang CFI requires LTO support, which
 itself is a security issue, making latent undefined behavior exploitable.
 UBSan only catches a small subset of these, so the issues caused by full
 LTO support are not mitigated by the sanitizer. However, it can be
 mitigated by setting the O2 optimization for the compiler, but only O1 for
 the linker. This disables the unsafe LTO optimizations which the linker
 would otherwise use, while still being sufficient for CFI to function.
 Keeping the compiler at O2 will ensure that there won't be performance

 It would be possible to modify the compiler itself or provide it with a
 plugin to change the order of various passes, which would have the same
 effect. I believe the private PaX RAP plugin does this.

 This is information I found out from multiple IRC discussions and looking
 into the workings of Clang CFI. If necessary, I can post the relevant

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20361#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list