[tor-bugs] #23357 [Core Tor/Tor]: Build with non-Cross-DSO CFI

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 2 01:46:28 UTC 2017


#23357: Build with non-Cross-DSO CFI
----------------------------------------+----------------------------------
 Reporter:  shawn.webb                  |          Owner:  (none)
     Type:  enhancement                 |         Status:  needs_revision
 Priority:  Medium                      |      Milestone:  Tor:
                                        |  0.3.3.x-final
Component:  Core Tor/Tor                |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  security, defence-in-depth  |  Actual Points:
Parent ID:                              |         Points:  1.0
 Reviewer:                              |        Sponsor:
----------------------------------------+----------------------------------

Comment (by shawn.webb):

 We at HardenedBSD have now dropped this patch in our ports tree in favor
 of CFI applied to the entire codebase. We're actively working on replacing
 the elftoolchain utilities (objdump, nm, ar, and ranlib) with the llvm
 equivalents. We're almost there and expect to be there by the end of this
 week.

 I've done basic testing with Tor 0.3.1.7 compiled with CFI applied to the
 entire codebase with success. My testing consisted of running Tor with the
 stock config and ensuring it can connect to the Tor network and establish
 a circuit.

 Once HardenedBSD 12-CURRENT officially makes the switch to the full llvm
 toolchain, I will do an expanded test with my Tor-ified network.

 If upstream Tor decides to drop this patch, I would actually be in favor
 of it. Due to the majority of the code being in statically-linked internal
 libraries, this patch doesn't amount to much.

 Regardless, I will keep this bug report open and report back with my
 results regarding CFI.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23357#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

