[tor-bugs] #10599 [Tor bundles/installation]: Investigate building TBB with SoftBound or AddressSanitizer

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 27 07:36:31 UTC 2014 

#10599: Investigate building TBB with SoftBound or AddressSanitizer
------------------------------------------+--------------------------------
     Reporter:  mikeperry                 |      Owner:  erinn
         Type:  enhancement               |     Status:  new
     Priority:  major                     |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  gitian, tbb-
Actual Points:                            |  security
       Points:                            |  Parent ID:
------------------------------------------+--------------------------------

Comment (by gk):

 Replying to [comment:24 mikeperry]:
 > Replying to [comment:22 gk]:
 > > Replying to [comment:21 mikeperry]:
 > > > 3. Install all Firefox langpack locales in one build. This way we
 don't have to ship 12 versions of this huge build. We can provide
 instructions for users on how to switch their language for now, and
 perhaps later add a Tor Launcher or other UI option to select locale for
 these builds.
 > >
 > > Hrm... I am not a fan of this idea for a couple of reasons:
 > > 0) We need to fix #12103 anyway for non-hardened builds.
 >
 > Hrmm. Assuming it's as easy as using a newer binutils..

 Even if not we need to fix it somehow. :)

 > > 1) Users have to download a huge build (e.g. the debug symbols file
 alone is twice as big with ASan) which might deter from testing/using it.
 >
 > Can we easily convert the stacktrace from
 http://paste.debian.net/hidden/b7b2f353/ using detached symbols? Can you
 post your symbols for that bug so I can take a look to see if it is
 possible?

 The symbols are in
 https://people.torproject.org/~gk/testbuilds/asan/20140521/ as well, now.
 > > 2) We need to provide additional instructions and/or a Tor Launcher
 patch that both need to be maintained.
 >
 > For the locale thing, I don't think this is too much of a problem
 compared to the cost to us otherwise. The alternative is an additional 15
 40M files for each locale. It gets even more unweildy if we decide to do
 ASAN builds for all other platforms, as our dist size would then be around
 4GB. I think we definitely want to avoid shipping two sets of bundles for
 all platforms for all locales.

 Okay, yes. That is a good point for shipping all locales in one build. But
 I am still not convinced that every user has to download a huge,
 unstripped bundle.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list