[tor-bugs] #10599 [Tor bundles/installation]: Investigate building TBB with SoftBound

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 9 20:40:04 UTC 2014 

#10599: Investigate building TBB with SoftBound
------------------------------------------+--------------------------------
     Reporter:  mikeperry                 |      Owner:  erinn
         Type:  enhancement               |     Status:  new
     Priority:  major                     |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  gitian, tbb-
Actual Points:                            |  security
       Points:                            |  Parent ID:
------------------------------------------+--------------------------------
Description changed by mikeperry:

Old description:

> We should see if we can get TBB to build with SoftBound+CETS, a memory-
> safety extension to LLVM: http://acg.cis.upenn.edu/softbound/
>
> Apparently to get full benefit we may need to annotate the Mozilla
> allocator, but we should be able make a test build without that
> annotation (it will just treat the entire malloc pool as one allocation).
>
> Other resources:
> * https://events.ccc.de/congress/2013/Fahrplan/events/5412.html (CCC talk
> about building FreeBSD with Softbound)
> * http://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-
> _201312271830_-_bug_class_genocide_-_andreas_bogk.html (Video for the
> same)
> * http://blog.regehr.org/archives/939 (see especially the comments)
> * http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-April/048569.html
> (Related projects to SoftBound, including some enhancements/alternatives)

New description:

 We should see if we can get TBB to build with SoftBound+CETS, a memory-
 safety extension to LLVM: http://acg.cis.upenn.edu/softbound/

 Apparently to get full benefit we may need to annotate the Mozilla
 allocator, but we should be able make a test build without that annotation
 (it will just treat the entire malloc pool as one allocation).

 SAFECode is apparently an extension to SoftBound, but it has only been
 rebased to LLVM 3.2 (where as SoftBound has been kept up to date to LLVM
 3.4): http://safecode.cs.illinois.edu/

 Other resources:
 * https://events.ccc.de/congress/2013/Fahrplan/events/5412.html (CCC talk
 about building FreeBSD with Softbound)
 * http://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-
 _201312271830_-_bug_class_genocide_-_andreas_bogk.html (Video for the
 same)
 * http://blog.regehr.org/archives/939 (see especially the comments)
 * http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-April/048569.html
 (Related projects to SoftBound, including some enhancements/alternatives)

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list