[tor-bugs] #23357 [Core Tor/Tor]: Build with non-Cross-DSO CFI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 30 02:36:07 UTC 2017
#23357: Build with non-Cross-DSO CFI
----------------------------------------+----------------------------------
Reporter: shawn.webb | Owner: (none)
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: security, defence-in-depth | Actual Points:
Parent ID: | Points: 1.0
Reviewer: | Sponsor:
----------------------------------------+----------------------------------
Changes (by teor):
* keywords: => security, defence-in-depth
* status: new => needs_revision
* points: => 1.0
* milestone: => Tor: 0.3.2.x-final
Comment:
Thanks for this patch!
I think we might want this enabled for our debug and development builds.
So we might want to add it to `--enable-fragile-hardening`.
Here is a quick review:
Is there a way of enabling this feature if it's supported by the compiler,
but disabling it otherwise?
Why do we only enable this feature for tor itself?
I think it would also be useful to have it enabled for:
* fuzzing
* unit tests
Should this line say `+=`?
{{{
src_or_tor_CFLAGS = -flto -fvisibility=hidden -fsanitize=cfi
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23357#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list