[tor-bugs] #23024 [Applications/Tor Browser]: Flags to increase hardening on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 30 20:21:52 UTC 2017
#23024: Flags to increase hardening on Windows
--------------------------------------+--------------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201707 | Actual Points:
Parent ID: #21448 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------------
Changes (by gk):
* keywords: TorBrowserTeam201707R => TorBrowserTeam201707
* cc: boklm (added)
* status: needs_review => needs_revision
Comment:
I tested `-fstack-protector-strong` on top of the latest `tor-browser-
bundle` commit. And the compilation worked as expected. Is that a `tor-
browser-build` issue? Or maybe the GCC version bump (tor 5.4.0) resolved
this problem?
Regarding fortify source: Have you checked whether the `_chk` part is
actually there after compiling with `-D_FORTIFY_SOURCE=2`? Because it does
not seem to be the case. Doing a
{{{
i686-w64-mingw32-nm -C firefox.exe | grep strcpy
}}}
after compiling with the flags in your patch does only give ma a
{{{
0041b3f4 I _imp__strcpy
00413320 T strcpy
}}}
(Note: In order to check it the way I did you need to compile the browser
part with `--disable-strip` and `--disable-install-strip`)
Assuming I am not mistaken then the likely root cause of this problem is a
GCC bug which the RedHat people are tracking in
https://bugzilla.redhat.com/show_bug.cgi?id=1324759.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23024#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list