#21448: Identify what build flags we should be using for security, and use them --------------------------------------+-------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-security | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by arthuredelstein): After a lot of experimentation, I opened #23024 and #23025 to add some extra hardening flags for Windows and Mac respectively. In the meantime I also found several promising flags didn't work after all: Windows (mingw cross-compile): * `-z,relro,-z,now` fails (is there an equivalent flag for Windows binaries?) * `Werror=format` throws errors (around uses of `%lld`) * `-fstack-protector-strong` [https://sourceforge.net/p/mingw-w64/discussion/723798/thread/de524c41/ didn't build]; in #23024 I propose trying `-fstack-protector-all` instead. macOS (clang-based cross compile): * `-z,relro,-z,now` fails (is there an equivalent flag for Mac binaries?) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:13> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs