Opened 4 years ago

Last modified 4 months ago

#12107 new enhancement

Test hardening features on Linux

Reported by: gk
Owned by: boklm
Priority: Medium
Milestone:
Component: Applications/Quality Assurance and Testing
Version:
Severity: Normal
Keywords: tbb-testsuite
Cc: intrigeri
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

We try to harden the binaries on Linux with a lot of stuff which can be checked with http://www.trapkit.de/tools/checksec.html. By chance I hit a regression (#12103) which made me think that it would be a useful thing to test for in our test suite. Checking the tor and firefox binary might be a good start here.

Change History (3)

comment:1 Changed 4 years ago by boklm

Ok, so I added some tests to check for RELRO, stack canary support, NX support, PIE support, no rpath and no runpath. The tests are run on all binaries included in the bundle.

Running this on TBB 3.6.1 gives this:
https://people.torproject.org/~boklm/tmp/tests/r/KemsoWIfrH/tor-browser-linux64-3.6.1_en-US.tar.xz.html

So in addition to no RELRO on firefox, we also have some files without stack canary, and some files with rpath.
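
The six properties named in this comment can be read directly from the ELF program headers and dynamic section. The sketch below is an added example, not part of the ticket and not the Tor Browser test suite's own code; it assumes little-endian ELF64 files, treats the stack canary check as a heuristic (the string `__stack_chk_fail` anywhere in the file), and `check_hardening` and `build_sample` are hypothetical names. The sample images are constructed in the code.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_RPATH, DT_BIND_NOW, DT_RUNPATH, DT_FLAGS, DT_FLAGS_1 = 15, 24, 29, 30, 0x6FFFFFFB

def check_hardening(data):
    """Report hardening properties of a little-endian ELF64 image (bytes)."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    phdrs = [struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
             for i in range(e_phnum)]
    dyn = {}  # d_tag -> d_val, read from the PT_DYNAMIC segment
    for p_type, _, off, _, _, filesz, _, _ in phdrs:
        if p_type == PT_DYNAMIC:
            for pos in range(off, off + filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, pos)
                if tag == 0:  # DT_NULL ends the table
                    break
                dyn[tag] = val
    stack = [p[1] for p in phdrs if p[0] == PT_GNU_STACK]
    relro = any(p[0] == PT_GNU_RELRO for p in phdrs)
    # Full RELRO additionally needs immediate binding (DF_BIND_NOW / DF_1_NOW).
    now = DT_BIND_NOW in dyn or dyn.get(DT_FLAGS, 0) & 8 or dyn.get(DT_FLAGS_1, 0) & 1
    return {
        "relro": "full" if relro and now else "partial" if relro else "none",
        "canary": b"__stack_chk_fail" in data,  # heuristic: name anywhere in file
        "nx": bool(stack) and not stack[0] & 1,  # PF_X clear on PT_GNU_STACK
        "pie": e_type == 3,  # ET_DYN (also true for shared libraries)
        "rpath": DT_RPATH in dyn,
        "runpath": DT_RUNPATH in dyn,
    }

def build_sample(e_type, stack_flags, dyn_tags, relro=True, extra=b""):
    """Constructed sample: a minimal ELF64 image (headers only, not executable)."""
    ph = [(PT_GNU_STACK, stack_flags, 0, 0)] + [(PT_GNU_RELRO, 4, 0, 0)] * relro
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags) + bytes(16)
    ph.append((PT_DYNAMIC, 6, 64 + 56 * (len(ph) + 1), len(dyn)))
    hdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, len(ph), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8) for t, f, o, s in ph)
    return hdr + body + dyn + extra

if __name__ == "__main__":
    good = build_sample(3, 6, [(DT_FLAGS, 8)], extra=b"__stack_chk_fail\0")
    weak = build_sample(2, 7, [(DT_RPATH, 1)], relro=False)  # no RELRO, rpath set
    print("good:", check_hardening(good), "\nweak:", check_hardening(weak))
```

In a test suite, the same function would be applied to the bytes of each binary in the bundle, failing the run when any property regresses.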

comment:2 Changed 4 years ago by intrigeri

Cc: intrigeri added

comment:3 Changed 4 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"
