Opened 3 years ago

Closed 15 months ago

#23591 closed enhancement (wontfix)

Build Tor and Tor Browser with -mmitigate-rop

Reported by: cypherpunks Owned by: tbb-team
Priority: Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-rbm
Cc: Actual Points:
Parent ID: #21448 Points:
Reviewer: Sponsor:


GCC 6 has a new option, -mmitigate-rop, which modifies the generated code to make finding ROP gadgets a bit harder. This is not CFI and does not provide strong protections, but it's better than nothing and is easier to use than alternatives, given that it doesn't require modifying source code for compatibility or loading a new runtime.


Try to avoid generating code sequences that contain unintended
return opcodes, to mitigate against certain forms of attack. At the
moment, this option is limited in what it can do and should not be
relied on to provide serious protection.

I suppose someone should try compiling Tor with this and scan for ROP gadgets using popular ROP compilers on it.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by cypherpunks

I have been using this with the Tor binary for a while and it is not causing any issues.

comment:2 Changed 3 years ago by cypherpunks

Component: ApplicationsApplications/Tor Browser
Keywords: tbb-security added
Owner: set to tbb-team

Needs investigation.

comment:3 Changed 3 years ago by gk

Keywords: tbb-rbm added

comment:4 Changed 2 years ago by traumschule

Parent ID: #21448

comment:5 Changed 15 months ago by tom

I think we can close this as we are no longer shipping gcc builds.

comment:6 Changed 15 months ago by gk

Resolution: wontfix
Status: newclosed

Actually we only transitioned to mingw-w64-clang for Firefox right now. Tor e.g. is still built with mingw-w64-gcc. So, we could leave this open for that case but the right fix I think is just moving all our Windows cross-builds to mingw-w64-clang instead. Thus, WONTFIX.

Note: See TracTickets for help on using tickets.