Opened 3 years ago

Closed 3 years ago

#18895 closed defect (implemented)

--enable-expensive-hardening has hard-to-debug failures when run-time libraries aren't installed

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201605, review-group-2
Cc: Actual Points: 0.1
Parent ID: Points: 1
Reviewer: Sponsor: SponsorS-can

Description

If libabsan or libubsan or libclang_rt.asan or libclang_rt.ubsan is missing, and you try to build with --enable-expensive-hardening, then the autoconf scripts will generate an orconfig.h file that doesn't allow Tor to compile.

What we should probably do here is warn about the missing libraries when --enable-expensive-hardening is in use but the runtime libraries are not present.

Child Tickets

Change History (10)

comment:1 Changed 3 years ago by teor

This is a particular issue on OS X, which ships clang as the default compiler, but without these libraries.

comment:2 Changed 3 years ago by nickm

It also affects Fedora. Apparently there was a bug in the clang build scripts, where you only got these libraries if you built with cmake, but nearly everybody was building with autotools.

comment:3 Changed 3 years ago by nickm

Keywords: 029-nickm-unsure added

Marking these tickets as the ones I think I need more feedback about in order to figure out if I think it should go in 0.2.9.

comment:4 Changed 3 years ago by nickm

Keywords: 029-proposed 029-nickm-unsure removed
Milestone: Tor: 0.2.9.x-final

Including this in 0.2.9, since it won't be too hard. BUT I must remember not to work on it till my ftrapv/fwrapv branch is merged, since that branch touches this code too.

comment:5 Changed 3 years ago by nickm

Keywords: TorCoreTeam201605 added
Owner: set to nickm
Status: newaccepted

Bumping up priority a little since this seems to be breaking some jenkins targets.

comment:6 Changed 3 years ago by nickm

Actual Points: 0.1
Status: acceptedneeds_review

Please see branch hardening_flags_must_link.

comment:7 Changed 3 years ago by isabela

Points: small1

comment:8 Changed 3 years ago by nickm

Keywords: review-group-2 added

Create a review-group-2 from (most of the) tickets in 0.2.8 or 0.2.9 or 029-nickm-says-yes listed as needs_review,

comment:9 Changed 3 years ago by dgoulet

I can't test this on OS X nor a system without libubsan because it's required for the gcc package. However, this seems to work fine on two different system I have (Debian based). Probably could be good to confirm with teor.

As far as I'm concerned, this lgtm.

comment:10 Changed 3 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

sounds fine to me; merged! Will it break build somewhere? That's what alphas are for!

Note: See TracTickets for help on using tickets.