[tor-bugs] #10599 [Tor bundles/installation]: Investigate building TBB with SoftBound or AddressSanitizer
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 24 16:19:06 UTC 2014
#10599: Investigate building TBB with SoftBound or AddressSanitizer
------------------------------------------+--------------------------------
Reporter: mikeperry | Owner: erinn
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: gitian, tbb-
Actual Points: | security
Points: | Parent ID:
------------------------------------------+--------------------------------
Comment (by mikeperry):
gk - I have three thoughts about getting this out the door quicker in the
best shape possible:
1. Screw lucid. Let's only support x64 and Precise+ with these builds.
Build 4.9.0 and the ASAN+Ubsan+VTV firefox in Precise, and don't worry
about that 4.9.0 compile error. (Though I guess this means we can't use
the gitian-utils descriptors as-is to build this compiler with the rest of
the tools..).
2. Don't strip it, so stacktraces like the cyperpunks one in comment:16
make sense immediately without the need to make a second set of detached
debug symbols for this build. This way we don't hit #12103 either, and
hopefully all of the other hardening options will remain in-tact too.
3. Install all Firefox langpack locales in one build. This way we don't
have to ship 12 versions of this huge build. We can provide instructions
for users on how to switch their language for now, and perhaps later add a
Tor Launcher or other UI option to select locale for these builds.
Thoughts? I suppose an alternate way to achieve #1 might be to build a 4.8
gcc in lucid and then use that gcc to build 4.9. Not sure which would mean
more build time/hassle on average.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list