Flags to increase hardening on macOS

We can add the following flags to our Mac build for some extra protection:

-fstack-protector-strong
-D_FORTIFY_SOURCE=2
-Werror=format
-Werror=format-security

added TorBrowserTeam201710R component::applications/tor browser owner::arthuredelstein parent::21448 priority::medium resolution::fixed severity::normal status::closed tbb-not-backported tbb-rbm type::defect labels

Here's a patch for review. We can add these after the transition to rbm.

https://github.com/arthuredelstein/tor-browser-build/commit/23025

Trac:
Keywords: TorBrowserTeam201707 deleted, TorBrowserTeam201707R added
Status: new to needs_review

Moving review tickets to August.

Trac:
Keywords: TorBrowserTeam201707R deleted, TorBrowserTeam201708R added

Moving reviews to September.

Trac:
Keywords: TorBrowserTeam201708R deleted, TorBrowserTeam201709R added

Hm. I am a bit hesitant using CPPFLAGS here as they are (strictly speaking) not preprocessor related. Would you mind putting the flags into something like HARDENING_FLAGS adding it as we add FLAGS?

Trac:
Status: needs_review to needs_information

-D_FORTIFY_SOURCE=2 too? However, it may make sense while https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653916.

-Werror=format-security is not always active, at least in GCC < 7: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79677.

Trac:
Keywords: TorBrowserTeam201709R deleted, TorBrowserTeam201709 added

Items for October 2017

Trac:
Keywords: TorBrowserTeam201709 deleted, TorBrowserTeam201710 added

Replying to gk:

Hm. I am a bit hesitant using CPPFLAGS here as they are (strictly speaking) not preprocessor related. Would you mind putting the flags into something like HARDENING_FLAGS adding it as we add FLAGS?

You are right. Here's a new version. https://github.com/arthuredelstein/tor-browser-build/commit/23025+1

Trac:
Status: needs_information to needs_review
Keywords: TorBrowserTeam201710 deleted, TorBrowserTeam201710R added

Applied to master with commit 6d0193cd71a4969207d7813029722c48a64bb7de. I pushed a commit to tor-browser-52.4.0esr-7.5-1 as well to allow building just the Firefox part outside of rbm (commit cf8aaea952b4e83eead22b78a5221ff5783d8fab). This is needed until #23656 (moved) is fixed.

Trac:
Resolution: N/A to fixed
Keywords: N/A deleted, tbb-backport, tbb-rbm added
Status: needs_review to closed

Not backported but will be available in 7.5.

Trac:
Keywords: tbb-backport deleted, tbb-not-backported added

closed

moved to tpo/applications/tor-browser#23025 (closed)