[tor-bugs] #10065 [Tor Browser]: Improve Hardening for TBB3.0

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 26 23:06:40 UTC 2014


#10065: Improve Hardening for TBB3.0
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  erinn
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  MikePerry201408R, tbb-3.0, gitian,
  Browser                |  tbb-security, tbb-gitian, tbb-isec-report
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by erinn):

 Hi gk,

 Thanks for your great review.

 I've updated my branch (it was a force-update though) to address points 1)
 and 3).

 1) I fixed #10077 and now everything builds with our compiler. The PTs
 aren't really using it, but the .pyd files are, and the way to check
 resulting binaries is by running strings file | grep -i gcc. gcc 4.8.3 is
 thoughtful enough to write its version into everything, and 4.6.3 doesn't
 seem to do the same. I've verified where I can.

 2) I remember having some trouble getting Firefox to accept all of the
 necessary flags last time I did this and the wrappers make it very
 convenient. I'm not sure why the flags are not showing up in
 about:buildconfig -- if you inspect the binaries with PE Studio, procexp,
 and Process Hacker, it very clearly shows that DEP and ASLR are enabled.
 I'll play around with it a bit more and see if the wrappers are the cause;
 it might be simply a strange "cosmetic" issue.

 3) You were right, we don't need that. It's only necessary in cases where
 mingw-w64 is installed and if we're building with our own, we don't need
 to install mingw-w64 anywhere.

 As for non-reproducibility, I think I must've left something out of my
 branch. I've rebuilt twice with my current branch and both times the
 sha256sums matched. Can you tell me if you still see issues? My current
 sha256sum for torbrowser-install-4.0-alpha-1_en-US.exe with my changes is
 2784dea6ec561d4d4225812461274730dc004a3b8ca88c6a3360e05e3fa03741.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
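
An added example, not part of the original message or of the Tor Browser build scripts: a Python check that reads the DEP and ASLR opt-in bits (DllCharacteristics) directly from a PE header and looks for the GCC ident string that the strings/grep check in point 1) would surface. The function names, the constructed sample header and the ident-string pattern are assumptions made for this illustration.

```python
import re
import struct

# DllCharacteristics / Characteristics bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040      # ASLR opt-in
NX_COMPAT = 0x0100         # DEP opt-in
RELOCS_STRIPPED = 0x0001   # COFF flag: no base relocations in the image
# Assumed ident format, e.g. "GCC: (GNU) 4.8.3".
GCC_IDENT = re.compile(rb"GCC: \([^)\x00]*\) (\d+\.\d+\.\d+)")


def inspect_pe(data: bytes) -> dict:
    """Return hardening flags and embedded GCC versions for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff = pe_off + 4
    opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & RELOCS_STRIPPED)
    return {
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr_flag": dynamic_base,
        # The flag alone is not enough: without relocations the loader cannot rebase.
        "aslr_effective": dynamic_base and not relocs_stripped,
        "gcc_versions": sorted({m.group(1).decode() for m in GCC_IDENT.finditer(data)}),
    }


def build_sample(dll_chars: int, characteristics: int, ident: bytes) -> bytes:
    """Constructed minimal PE32 header (not a loadable binary) for the demo."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + ident


if __name__ == "__main__":
    sample = build_sample(0x0140, 0x0102, b"GCC: (GNU) 4.8.3\x00")
    print(inspect_pe(sample))
```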

