#23024: Flags to increase hardening on Windows --------------------------------------+-------------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: needs_revision Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201707 | Actual Points: Parent ID: #21448 | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------------
Comment (by cypherpunks): Replying to [comment:1 arthuredelstein]: > However, a Windows Tor Browser built with this patch (using `-fstack- protector-all`) doesn't seem subjectively slower to me, so I would suggest trying this on the alpha, at least until we have a solution for `-fstack- protector-strong` on mingw-w64. Also you can copy https://dxr.mozilla.org/mozilla-esr52/source/old- configure.in#957 to `*-mingw*)` section to gain parity with Linux. Replying to [comment:4 gk]: > I tested `-fstack-protector-strong` on top of the latest `tor-browser- bundle` commit. And the compilation worked as expected. Is that a `tor- browser-build` issue? Or maybe the GCC version bump (tor 5.4.0) resolved this problem? tor 5.4.0 from 2540 :) Try with `--disable-auto-import` for fun :) > Regarding fortify source: Have you checked whether the `_chk` part is actually there after compiling with `-D_FORTIFY_SOURCE=2`? Because it does not seem to be the case. Doing a > {{{ > i686-w64-mingw32-nm -C firefox.exe | grep strcpy > }}} > after compiling with the flags in your patch does only give ma a > {{{ > 0041b3f4 I _imp__strcpy > 00413320 T strcpy > }}} > (Note: In order to check it the way I did you need to compile the browser part with `--disable-strip` and `--disable-install-strip`) > > Assuming I am not mistaken then the likely root cause of this problem is a GCC bug which the RedHat people are tracking in https://bugzilla.redhat.com/show_bug.cgi?id=1324759. This is https://bugzilla.mozilla.org/show_bug.cgi?id=1359908 You also need something to: 1. check your flags passed and applied properly 2. check features compiled properly 3. check features works properly -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23024#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs