[tbb-bugs] #23024 [Applications/Tor Browser]: Flags to increase hardening on Windows

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 30 20:21:52 UTC 2017

#23024: Flags to increase hardening on Windows
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_revision
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201707      |  Actual Points:
Parent ID:  #21448                    |         Points:
 Reviewer:                            |        Sponsor:
Changes (by gk):

 * keywords:  TorBrowserTeam201707R => TorBrowserTeam201707
 * cc: boklm (added)
 * status:  needs_review => needs_revision


 I tested `-fstack-protector-strong` on top of the latest `tor-browser-
 bundle` commit. And the compilation worked as expected. Is that a `tor-
 browser-build` issue? Or maybe the GCC version bump (tor 5.4.0) resolved
 this problem?

 Regarding fortify source: Have you checked whether the `_chk` part is
 actually there after compiling with `-D_FORTIFY_SOURCE=2`? Because it does
 not seem to be the case. Doing a
 i686-w64-mingw32-nm -C firefox.exe | grep strcpy
 after compiling with the flags in your patch does only give ma a
 0041b3f4 I _imp__strcpy
 00413320 T strcpy
 (Note: In order to check it the way I did you need to compile the browser
 part with `--disable-strip` and `--disable-install-strip`)

 Assuming I am not mistaken then the likely root cause of this problem is a
 GCC bug which the RedHat people are tracking in

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23024#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list