[tor-bugs] #23024 [Applications/Tor Browser]: Flags to increase hardening on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 16 16:26:13 UTC 2019
#23024: Flags to increase hardening on Windows
-------------------------------------------+-------------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201711, tbb-rbm | Actual Points:
Parent ID: #21448 | Points:
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Comment (by cypherpunks):
What about `--icf=all` automatically? https://github.com/llvm/llvm-
project/blob/d0f63f83e7c5c6fc11e964f848d1496234695182/lld/MinGW/Driver.cpp#L265
> --forceinteg - not applicablt to clang/lld
What do you mean? Just disabled by default: https://github.com/llvm/llvm-
project/blob/ee6fbebbaff5af0a0fbe58a0e33ef191340223ea/lld/COFF/Driver.cpp#L1507
> --no-seh - set by lld automatically https://reviews.llvm.org/D41252
(but this would be good to confirm manually
What about `--safeseh` automatically? https://github.com/llvm/llvm-
project/blob/ee6fbebbaff5af0a0fbe58a0e33ef191340223ea/lld/COFF/Driver.cpp#L1617
> --tsaware - I'm not sure but I really hope that this is completely
unneeded by now.
Because it is enabled and should be enabled by default, you mean?
https://github.com/llvm/llvm-
project/blob/ee6fbebbaff5af0a0fbe58a0e33ef191340223ea/lld/COFF/Driver.cpp#L1513
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23024#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list