Changes between Version 5 and Version 6 of Ticket #21448


Timestamp: Feb 20, 2017, 6:27:06 AM (3 years ago)
Author: arthuredelstein
Comment:

Here are some security flags I think we can add to the gcc-based builds (Linux and mingw). There is heavy overlap with the proposed flags in https://bugzilla.mozilla.org/show_bug.cgi?id=620058. (I think we should be able to add similar flags to the clang-based builds -- I will look into that after we settle on flags to add to gcc.)

-Werror=format
-Werror=format-security
-fstack-protector-strong
--param ssp-buffer-size=4
-pie -fPIE
-D_FORTIFY_SOURCE=2 -O1
-Wl,-z,relro,-z,now
-ftrapv

Note I am leaving out more advanced mitigations like -fvtable-verify=std for this iteration because getting these to work is likely to be complex.
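
One way to confirm that flags like these took effect in a built binary, as an added example (not part of the ticket or of Tor Browser's build scripts): the function below reads `readelf` output and reports PIE, RELRO, stack protector and fortify status. It assumes an ELF (Linux) target and binutils `readelf`; the sample excerpts are constructed, and `-Werror=format*` and `-ftrapv` are not checked here.

```shell
#!/bin/sh
# Reads `readelf -W -h -l -d -s <binary>` output on stdin and prints one
# line saying which compile/link-time mitigations are visible in the ELF.
check_hardening() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eq -- "$1"; }

    # -pie -fPIE: a PIE has ELF type DYN (a fixed-address binary is EXEC).
    if has 'Type:[[:space:]]+DYN'; then pie=yes; else pie=no; fi

    # -Wl,-z,relro adds a GNU_RELRO segment; -z,now adds BIND_NOW, which
    # lets the GOT be made read-only too ("full" RELRO).
    relro=none
    if has 'GNU_RELRO'; then
        relro=partial
        if has 'BIND_NOW|FLAGS_1.*NOW'; then relro=full; fi
    fi

    # -fstack-protector-strong: instrumented functions call __stack_chk_fail.
    if has '__stack_chk_fail'; then ssp=yes; else ssp=no; fi

    # -D_FORTIFY_SOURCE=2 with optimization: libc calls become __*_chk
    # variants. The pattern must not match __stack_chk_fail.
    if has '__[a-z0-9_]+_chk(@|[[:space:]]|$)'; then fortify=yes; else fortify=no; fi

    echo "pie=$pie relro=$relro stack_protector=$ssp fortify=$fortify"
}

# Constructed readelf excerpts (not taken from a real Tor Browser build).
HARDENED_SAMPLE='  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002db0 0x0000000000003db0 0x0000000000003db0 0x000250 0x000250 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)'
PLAIN_SAMPLE='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x002e10 0x0000000000403e10 0x0000000000403e10 0x0001f0 0x0001f0 R   0x1
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)'

# Real use (hypothetical path): readelf -W -h -l -d -s ./path/to/binary | check_hardening
printf '%s\n' "$HARDENED_SAMPLE" | check_hardening
printf '%s\n' "$PLAIN_SAMPLE" | check_hardening
```

Shared libraries also have type DYN, so `pie=yes` is only meaningful for executables, and `fortify=no` can simply mean the binary makes no calls that have a checked variant.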

  • Ticket #21448 – Description

    v5 v6  
    1 I think we may be able to add some configure/compiler/linker flags in Tor Browser that can improve security without many downsides. Let's figure out what those are and add them. I would suggest child tickets for each new flag, so we can do this step by step.
     1I think we may be able to add some configure/compiler/linker flags in Tor Browser that can improve security without many downsides. Let's figure out what those are and add them.