[tor-bugs] #10065 [Tor bundles/installation]: Improve Hardening for TBB3.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 16 21:24:12 UTC 2014
#10065: Improve Hardening for TBB3.0
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: erinn
Type: defect | Status: accepted
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: tbb-3.0, gitian, tbb-security
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by mikeperry):
The crash happened for me with way more than just ASLR enabled. I did:
export CFLAGS="-mwindows -fstack-protector-all -fPIE -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat-security"
export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -lssp -L/usr/lib/gcc/i686-w64-mingw32/4.6/"
I also wrapped g++, gcc, and ld:
https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/HEAD:/gitian/build-helpers/i686-w64-mingw32-g++
https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/HEAD:/gitian/build-helpers/i686-w64-mingw32-gcc
https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/HEAD:/gitian/build-helpers/i686-w64-mingw32-ld
I'm guessing one of those many options is the culprit. Ideally we'd find
out what it is, report it, and use the rest.
But in the short term, if just ASLR and DEP can be enabled without issue,
we should start building with those two at least.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
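
Added example (not part of the ticket or of the tor-browser-bundle build scripts): a check that a built Windows binary actually carries the ASLR and DEP header bits that -Wl,--dynamicbase and -Wl,--nxcompat are meant to set. It goes one step beyond the comment by also reporting whether relocations were stripped, since the loader cannot rebase such an image even when the ASLR bit is set. The function names and the sample header bytes are constructed for illustration.

```python
import struct

# Flag values from the PE/COFF specification.
DYNAMIC_BASE = 0x0040     # DllCharacteristics bit set by -Wl,--dynamicbase (ASLR)
NX_COMPAT = 0x0100        # DllCharacteristics bit set by -Wl,--nxcompat (DEP)
RELOCS_STRIPPED = 0x0001  # COFF Characteristics bit: image cannot be rebased

def pe_flags(image: bytes):
    """Return (COFF Characteristics, DllCharacteristics) of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    opt_size, coff_chars = struct.unpack_from("<HH", image, coff + 16)
    opt = coff + 20
    if opt_size < 72 or len(image) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return coff_chars, dll_chars

def hardening_report(image: bytes) -> dict:
    coff_chars, dll_chars = pe_flags(image)
    aslr = bool(dll_chars & DYNAMIC_BASE)
    return {
        "aslr_flag": aslr,
        "dep_flag": bool(dll_chars & NX_COMPAT),
        # The loader cannot rebase an image whose relocations were stripped.
        "aslr_effective": aslr and not (coff_chars & RELOCS_STRIPPED),
    }

def make_sample(dll_chars: int, coff_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header (sample data, not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, coff_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, img in [("hardened", make_sample(0x0140)), ("plain", make_sample(0))]:
        print(name, hardening_report(img))
```

To check a real build output, pass the file's bytes to hardening_report() in place of the constructed sample.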