Opened 3 years ago

Last modified 2 years ago

#20971 new defect

Try building Tor Browser with SafeStack

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

SafeStack is part of the Levee project and prevents stack smashing attacks. It is reported to have a negligible performance hit.

Together, Levee's components, SafeStack and CPI or CPS, are supposed to prevent code flow hijacking. Once CPI and CPS have been released, we should try those as well.

Child Tickets

Change History (2)

comment:1 Changed 2 years ago by cypherpunks

The SafeStack enforcement mechanism is now part of the Clang compiler

https://clang.llvm.org/docs/SafeStack.html

SafeStack is a component of Code-Pointer Separation (CPS).
CPS is a simplified version of Code-Pointer Integrity (CPI).

But

compiling dynamic libraries with SafeStack is not supported.
SafeStack was tested on Linux, FreeBSD and MacOSX.

Instead of CPS/CPI Clang prefers #20361.

comment:2 Changed 2 years ago by gk

Keywords: tbb-hardened removed

Remove tbb-hardened keyword.

Note: See TracTickets for help on using tickets.