#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):

> hardening-wrapper is obsolete and has been removed from unstable. Please use dpkg-buildflags as explained above.
https://wiki.debian.org/Hardening#hardening-wrapper

> hardening-check can only check the resulting binaries and thus might not catch missing hardening flags if they are only missing in a few places.
blhc is a small parser written in Perl which checks the build logs for missing hardening flags. It can be used on build logs created by dpkg-buildpackage or buildd.
http://ruderich.org/simon/blhc/

> For comparison, here are the current Firefox release build flags:
For comparison we need ESR52 build options, both 32-bit and 64-bit for every OS. What about official MinGW builds?

> I'm not familiar with Windows/mingw build flags, but it looks like we could possibly switch to -fstack-protector-strong.
All occurrences of {{{-fstack-protector --param ssp-buffer-size=4}}} should be replaced with at least {{{-fstack-protector-strong}}}.
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/

> For those who want to protect all the functions then -fstack-protector-all is recommended.
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_STACKPROTECTOR_.28gcc.2Fg.2B-.2B-_-fstack-protector-strong.29

> Also I wonder if -D_FORTIFY_SOURCE=2 and the relro flags make sense.
{{{-D_FORTIFY_SOURCE=2 -O1}}} is a
> Compile-time protection against static sized buffer overflows. No known regressions or performance loss. This should be enabled system-wide.
https://wiki.debian.org/Hardening#gcc_-D_FORTIFY_SOURCE.3D2_-O1

Some info about using {{{-Os}}}:
https://stackoverflow.com/questions/19470873/why-does-gcc-generate-15-20-faster-code-if-i-optimize-for-size-instead-of-speed?rq=1

About integer overflow checking, {{{-ftrapv}}} in particular:
Research: https://people.csail.mit.edu/nickolai/papers/wang-stack-tocs.pdf
{{{-ftrapv}}} is not the best option: https://stackoverflow.com/questions/20851061/how-to-make-gcc-ftrapv-work#20851708
Practical usage: https://danluu.com/integer-overflow/

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
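The comment's closing point, that -ftrapv is not the best option for integer overflow checking, is easier to act on with a concrete contrast. The block below is an added example; it is not code from the ticket, from the linked articles, or from Tor Browser's build system. It assumes GCC 5 or newer or a recent Clang (for the __builtin_add_overflow / __builtin_mul_overflow builtins) and all input values are constructed for illustration. The point it makes: -ftrapv only instruments signed add/sub/mul and aborts the process when one wraps, whereas explicit checked arithmetic works for signed and unsigned operands alike and hands the error back to the caller, which is what a parser or allocator handling untrusted lengths actually needs.

```c
/* Added example (not from the ticket or Tor Browser): overflow-checked
 * integer arithmetic as the practical alternative to -ftrapv.
 * Assumes GCC 5+ or a recent Clang for the __builtin_*_overflow builtins.
 * All input values are constructed. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Signed addition with an explicit overflow result. Signed wraparound is
 * undefined behaviour (the case -ftrapv would trap on); the builtin computes
 * the wrapped value into *out and returns true if the result did not fit. */
bool checked_add_int(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Unsigned pre-check without the builtin. The post-hoc test `a + b < a` is
 * well defined for unsigned types, but the same idiom on signed operands is
 * UB and may be deleted by the optimizer (the wang-stack paper linked above
 * catalogues real instances); checking before the add avoids both issues. */
bool checked_add_size(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Array allocation: nmemb * size must not wrap before malloc sees it,
 * otherwise a huge element count turns into a tiny buffer. */
void *safe_alloc_array(size_t nmemb, size_t size)
{
    size_t bytes;
    if (__builtin_mul_overflow(nmemb, size, &bytes))
        return NULL;
    return malloc(bytes);
}

/* Typical parser arithmetic on untrusted 32-bit fields: the offset of
 * element `index` is base + index * elem_size, and both the multiply and
 * the add must be checked. Returns false on overflow, leaving *off unset. */
bool field_offset(uint32_t base, uint32_t index, uint32_t elem_size,
                  uint32_t *off)
{
    uint32_t prod;
    if (__builtin_mul_overflow(index, elem_size, &prod))
        return false;
    if (__builtin_add_overflow(base, prod, off))
        return false;
    return true;
}

int main(void)
{
    int r;
    size_t s;
    uint32_t off;

    printf("INT_MAX + 1 overflows: %s\n",
           checked_add_int(INT_MAX, 1, &r) ? "no" : "yes");
    printf("SIZE_MAX + 1 overflows: %s\n",
           checked_add_size(SIZE_MAX, 1, &s) ? "no" : "yes");
    printf("safe_alloc_array(SIZE_MAX, 2): %s\n",
           safe_alloc_array(SIZE_MAX, 2) ? "pointer" : "NULL");
    printf("field_offset(0x1000, 3, 16): %s\n",
           field_offset(0x1000, 3, 16, &off) ? "ok" : "overflow");
    printf("field_offset(0, 0x10000000, 16): %s\n",
           field_offset(0, 0x10000000u, 16, &off) ? "ok" : "overflow");
    return 0;
}
```

To see the rest of the comment's recommendations on the same file, build it with the hardening flags discussed above, e.g. gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,relro,-z,now, and run hardening-check on the result; remember that -D_FORTIFY_SOURCE only takes effect at -O1 or higher, and that hardening-check inspects the finished binary only, which is exactly why the comment also points at blhc for checking the build log.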