[tbb-bugs] #29694 [Applications/Tor Browser]: Build Go binaries with `-buildmode=pie"?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 8 13:24:10 UTC 2019
#29694: Build Go binaries with `-buildmode=pie"?
------------------------------------------+----------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-rbm
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I was looking a bit how the `obfs4proxy` binary gets build for Android
today and it turns out that Briar etc. use `-buildmode=pie`. Currently our
Linux binaries have no PIE and no RELRO (but Stack Canaries, NX etc.
enabled). Trying with `-buildmode=pie` results in "PIE enabled" but
somewhat surprisingly our stack canaries are gone (but we get partial
RELRO).
So, generally, should we start using PIE mode (and `-extldflags=-pie`
where needed)? Or are we good with what we have?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29694>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list