[tor-bugs] #10599 [Tor bundles/installation]: Investigate building TBB with SoftBound or AddressSanitizer
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 27 11:39:07 UTC 2014
#10599: Investigate building TBB with SoftBound or AddressSanitizer
------------------------------------------+--------------------------------
Reporter: mikeperry | Owner: erinn
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: gitian, tbb-
Actual Points: | security
Points: | Parent ID:
------------------------------------------+--------------------------------
Comment (by gk):
Replying to [comment:24 mikeperry]:
> Replying to [comment:22 gk]:
> > Replying to [comment:21 mikeperry]:
> > > gk - I have three thoughts about getting this out the door quicker
in the best shape possible:
> > >
> > > 1. Screw lucid. Let's only support x64 and Precise+ with these
builds. Build 4.9.0 and the ASAN+Ubsan+VTV firefox in Precise, and don't
worry about that 4.9.0 compile error. (Though I guess this means we can't
use the gitian-utils descriptors as-is to build this compiler with the
rest of the tools..).
> >
> > We are not only throwing lucid but debian stable and presumably other
distros as well out of the boat. So I'd rather avoid that at the moment if
possible. Re: re-using descriptors: I wouldn't worry about that much
currently as we need a separate hardening-branch anyway (e.g. we don't
build 32bit bundles as this breaks etc.).
>
> Ubuntu 12.04 was released before debian/stable, so that should be OK.
I can't run software compiled on precise on wheezy, the current debian
stable. The libc is not new enough.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list