[tor-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 24 16:50:12 UTC 2017
#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
After a lot of experimentation, I opened #23024 and #23025 to add some
extra hardening flags for Windows and Mac respectively. In the meantime I
also found several promising flags didn't work after all:
Windows (mingw cross-compile):
* `-z,relro,-z,now` fails (is there an equivalent flag for Windows
binaries?)
* `Werror=format` throws errors (around uses of `%lld`)
* `-fstack-protector-strong`
[https://sourceforge.net/p/mingw-w64/discussion/723798/thread/de524c41/
didn't build]; in #23024 I propose trying `-fstack-protector-all` instead.
macOS (clang-based cross compile):
* `-z,relro,-z,now` fails (is there an equivalent flag for Mac binaries?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list