[tor-bugs] #21925 [Applications/Tor Browser]: Tor Browser based on ESR52 can't get built with ASan and FORTIFY_SOURCE
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 4 09:52:26 UTC 2017
#21925: Tor Browser based on ESR52 can't get built with ASan and FORTIFY_SOURCE
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #21998 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:4 tom]:
> You're not supposed to build ASAN with FORTIFY, or so I am told by
people who I think know what they're talking about.
>
> See:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1377553
> https://bugzilla.mozilla.org/show_bug.cgi?id=1419607
> https://bugzilla.mozilla.org/show_bug.cgi?id=1418052
Which does not mean compilation should break. Apart from that there is
still an issue open on the ASan side
(https://github.com/google/sanitizers/issues/247) and glibc side to fix
that: https://sourceware.org/bugzilla/show_bug.cgi?id=20422 (there seem to
be some additional benefits of FORTIFY_SOURCE mentioned in this icket).
So, it's not that one is generally not supposed to build with with ASan
and FORTIFY_SOURCE: they just don't work together right now.
Now, this ticket got filed when we still shipped the hardened series.
While those were not builds meant to be used in production mode they were
more production-like than the ASan builds we currently envision: those
with `--enable-debug` and `--enable-tests` etc. and not distributed to
users. I guess one could argue for those builds at least it is fine to
disable FORTIFIY_SOURCE?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21925#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list