Opened 2 years ago

Last modified 20 months ago

#20971 new defect

Try building Tor Browser with SafeStack

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

SafeStack is part of the Levee project and prevents stack smashing attacks. It is reported to have a negligible performance hit.

Together, Levee's components, SafeStack and CPI or CPS, are supposed to prevent code flow hijacking. Once CPI and CPS have been released, we should try those as well.

Child Tickets

Change History (2)

comment:1 Changed 21 months ago by cypherpunks

The SafeStack enforcement mechanism is now part of the Clang compiler

https://clang.llvm.org/docs/SafeStack.html

SafeStack is a component of Code-Pointer Separation (CPS).
CPS is a simplified version of Code-Pointer Integrity (CPI).

But

compiling dynamic libraries with SafeStack is not supported.
SafeStack was tested on Linux, FreeBSD and MacOSX.

Instead of CPS/CPI Clang prefers #20361.

comment:2 Changed 20 months ago by gk

Keywords: tbb-hardened removed

Remove tbb-hardened keyword.

Note: See TracTickets for help on using tickets.