[tor-bugs] #23357 [Core Tor/Tor]: Build with non-Cross-DSO CFI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 2 01:46:28 UTC 2017
#23357: Build with non-Cross-DSO CFI
----------------------------------------+----------------------------------
Reporter: shawn.webb | Owner: (none)
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: security, defence-in-depth | Actual Points:
Parent ID: | Points: 1.0
Reviewer: | Sponsor:
----------------------------------------+----------------------------------
Comment (by shawn.webb):
We at HardenedBSD have now dropped this patch in our ports tree in favor
of CFI applied to the entire codebase. We're actively working on replacing
the elftoolchain utilities (objdump, nm, ar, and ranlib) with the llvm
equivalents. We're almost there and expect to be there by the end of this
week.

I've done basic testing with Tor 0.3.1.7 compiled with CFI applied to the
entire codebase with success. My testing consisted of running Tor with the
stock config and ensuring it can connect to the Tor network and establish
a circuit.

Once HardenedBSD 12-CURRENT officially makes the switch to the full llvm
toolchain, I will do an expanded test with my Tor-ified network.

If upstream Tor decides to drop this patch, I would actually be in favor
of it. Due to the majority of the code being in statically-linked internal
libraries, this patch doesn't amount to much.

Regardless, I will keep this bug report open and report back with my
results regarding CFI.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23357#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online