[tor-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 1 08:16:47 UTC 2017
#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
> hardening-wrapper is obsolete and has been removed from unstable. Please
> use dpkg-buildflags as explained above.
https://wiki.debian.org/Hardening#hardening-wrapper
> hardening-check can only check the resulting binaries and thus might not
> catch missing hardening flags if they are only missing in a few places.
> blhc is a small parser written in Perl which checks the build logs for
> missing hardening flags. It can be used on build logs created by
> dpkg-buildpackage or buildd.
http://ruderich.org/simon/blhc/
> For comparison, here are the current Firefox release build flags:
For comparison we need ESR52 build options, both 32-bit and 64-bit for
every OS. What about official MinGW builds?
> I'm not familiar with Windows/mingw build flags, but it looks like we
> could possibly switch to -fstack-protector-strong.
All occurrences of {{{-fstack-protector --param ssp-buffer-size=4}}}
should be replaced with at least {{{-fstack-protector-strong}}}.
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/
> For those who want to protect all the functions then -fstack-protector-all
> is recommended.
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_STACKPROTECTOR_.28gcc.2Fg.2B-.2B-_-fstack-protector-strong.29
> Also I wonder if -D_FORTIFY_SOURCE=2 and the relro flags make sense.
{{{-D_FORTIFY_SOURCE=2 -O1}}} is a
> Compile-time protection against static sized buffer overflows. No known
> regressions or performance loss. This should be enabled system-wide.
https://wiki.debian.org/Hardening#gcc_-D_FORTIFY_SOURCE.3D2_-O1
Some info about using {{{-Os}}}:
https://stackoverflow.com/questions/19470873/why-does-gcc-generate-15-20-faster-code-if-i-optimize-for-size-instead-of-speed?rq=1
About integer overflow checking, {{{-ftrapv}}} in particular:
Research: https://people.csail.mit.edu/nickolai/papers/wang-stack-tocs.pdf
{{{-ftrapv}}} is not the best option:
https://stackoverflow.com/questions/20851061/how-to-make-gcc-ftrapv-work#20851708
Practical usage: https://danluu.com/integer-overflow/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
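As an added illustration of the build-log approach the comment above recommends (checking the compiler and linker command lines rather than only the finished binaries), here is a small checker in the spirit of blhc. It is example code written for this page, not blhc itself and not part of the Tor Browser or Debian build tooling. The compiler-name regex, the set of checks (stack protector strength, `_FORTIFY_SOURCE` with an optimisation level, PIE, RELRO and BIND_NOW) and the sample build log are all constructed assumptions; real logs and real policies will need more cases.

```python
"""Minimal build-log hardening checker, in the spirit of blhc.

Example code for this ticket page, not blhc and not a Tor Browser build
tool. It tokenises each compiler/linker invocation found in a build log and
reports which of the hardening flags discussed above are missing or weak.
"""
import re
import shlex

# Assumption: the log shows raw driver command lines (as dpkg-buildpackage
# output does) and the driver is one of these names, optionally with a
# path prefix or a version suffix such as gcc-6.
COMPILER_RE = re.compile(
    r"^(?:.*/)?(?:cc|gcc|g\+\+|c\+\+|clang|clang\+\+)(?:-[\w.]+)?$")
OPT_RE = re.compile(r"^-O([0-9sgz]?)$")
FORTIFY_RE = re.compile(r"^-D_FORTIFY_SOURCE(?:=(\d+))?$")
STRONG_SSP = ("-fstack-protector-strong", "-fstack-protector-all")


def split_command(line):
    """Return argv of a compiler/linker invocation, or None for other lines."""
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes in make chatter
        return None
    return argv if argv and COMPILER_RE.match(argv[0]) else None


def output_name(argv):
    """The -o target of an invocation, used as the report key."""
    for i, tok in enumerate(argv[:-1]):
        if tok == "-o":
            return argv[i + 1]
    return "<no -o>"


def check_compile(argv):
    """Findings for a compile step (an invocation containing -c)."""
    findings = []
    # GCC honours the *last* stack-protector option, so scan in order.
    ssp = None
    for tok in argv:
        if tok.startswith("-fstack-protector") or tok == "-fno-stack-protector":
            ssp = tok
    if ssp is None or ssp == "-fno-stack-protector":
        findings.append("missing -fstack-protector-strong")
    elif ssp not in STRONG_SSP:
        # Plain -fstack-protector only guards functions with char arrays of
        # at least ssp-buffer-size bytes; -strong also covers any function
        # that has a local array or takes the address of a local.
        findings.append(
            f"weak stack protector {ssp}, upgrade to -fstack-protector-strong")

    # _FORTIFY_SOURCE: last -D/-U wins, and it is a no-op below -O1.
    fortify, opt = 0, "0"
    for tok in argv:
        m = FORTIFY_RE.match(tok)
        if m:
            fortify = int(m.group(1) or 1)  # bare -D defines it to 1
        elif tok == "-U_FORTIFY_SOURCE":
            fortify = 0
        m = OPT_RE.match(tok)
        if m:
            opt = m.group(1) or "1"  # bare -O means -O1
    if fortify < 2:
        findings.append("missing -D_FORTIFY_SOURCE=2")
    elif opt == "0":
        findings.append("-D_FORTIFY_SOURCE=2 has no effect without -O1 or higher")

    if not any(tok in ("-fPIE", "-fpie", "-fPIC", "-fpic") for tok in argv):
        findings.append("missing -fPIE (needed for a PIE executable)")
    return findings


def check_link(argv):
    """Findings for a link step (no -c): RELRO, BIND_NOW and PIE."""
    findings = []
    # Linker options arrive either as -Wl,-z,relro,-z,now or as `-z relro`.
    flat = []
    for tok in argv:
        flat.extend(tok[4:].split(",") if tok.startswith("-Wl,") else [tok])
    zopts = set()
    for i, tok in enumerate(flat):
        if tok == "-z" and i + 1 < len(flat):
            zopts.add(flat[i + 1])
        elif tok.startswith("-z") and len(tok) > 2:
            zopts.add(tok[2:])
    if "relro" not in zopts:
        findings.append("missing -Wl,-z,relro")
    if "now" not in zopts:
        findings.append("missing -Wl,-z,now (full RELRO needs BIND_NOW)")
    if "-pie" not in argv and "-shared" not in argv:
        findings.append("missing -pie")
    return findings


def check_log(text):
    """Map each -o target in the log to its list of hardening findings."""
    report = {}
    for line in text.splitlines():
        argv = split_command(line)
        if argv is None:
            continue  # make output, warnings, non-compiler commands
        checker = check_compile if "-c" in argv else check_link
        report[output_name(argv)] = checker(argv)
    return report


# Constructed sample log: one good object, one with the old ssp-buffer-size
# pattern, one with FORTIFY but -O0, one without FORTIFY, and two links.
SAMPLE_LOG = """\
make[2]: Entering directory '/build/src'
gcc -c -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -o good.o good.c
gcc -c -O2 -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -fPIE -o weak.o weak.c
gcc -c -O0 -g -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -o noopt.o noopt.c
gcc -c -O2 -fstack-protector-strong -fPIE -o nofortify.o nofortify.c
gcc -pie -Wl,-z,relro,-z,now -o app good.o weak.o
gcc -o helper noopt.o nofortify.o
"""

if __name__ == "__main__":
    for target, findings in check_log(SAMPLE_LOG).items():
        print(target, "OK" if not findings else "; ".join(findings))
```

Because it reads the command lines, the checker flags `weak.o` and `noopt.o`, which `hardening-check` on the finished `app` binary might not separate out: a binary mostly built with the right flags still passes the binary-level canary and fortify heuristics. For a real tree, feed it `dpkg-buildpackage` or `make V=1` output; any line the regex does not recognise as a driver invocation is silently skipped, so wrapper scripts and cross-compiler names need adding to `COMPILER_RE`.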