[tor-bugs] #23357 [Core Tor/Tor]: Build with non-Cross-DSO CFI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 30 03:54:23 UTC 2017
#23357: Build with non-Cross-DSO CFI
----------------------------------------+----------------------------------
Reporter: shawn.webb | Owner: (none)
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: security, defence-in-depth | Actual Points:
Parent ID: | Points: 1.0
Reviewer: | Sponsor:
----------------------------------------+----------------------------------
Comment (by shawn.webb):
> When we configure with a recent clang/llvm and --enable-cfi, then
compile .o files and link them together into the tor binary, does non-
Cross-DSO CFI work for that binary?
Yup. One problem with trying to use CFI with both static and dynamic
libraries is that you need to use llvm-ar, llvm-nm, and llvm-objdump as
your ar, nm, and objdump applications. This is because compiling with CFI
will cause clang to output intermediate object files as LLVM bitcode files
instead of ELF object files. The ar, nm, and objdump applications that
come on most (all?) operating systems only support ELF. Essentially, the
whole compiler toolchain must be switched over to the entire llvm tool
suite.
So, what I can do, is expand the patch to apply the CFLAGS and LDFLAGS to
more of the applications (rather than just tor). This way, we skip
applying CFI to the library code (even though the libraries in the
codebase get statically linked).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23357#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list