Opened 3 months ago

Last modified 22 hours ago

#28611 new enhancement

Add `-mstack-protector-guard=global` to CFLAGS instead of `--disable-gcc-hardening` configure option on Windows?

Reported by: grj Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 029-backport, 033-backport, 034-backport, 035-backport, win32, postfreeze-ok, 040-deferred-20190220
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86832#c8

Tor compiles fine on Windows mingw gcc 8.2 without --disable-gcc-hardening if add -mstack-protector-guard=global to CFLAGS

Child Tickets

TicketTypeStatusOwnerSummary
#27530defectacceptednickmConfigure: Use AC_TRY_RUN() to check that --enable-gcc-hardening works

Change History (5)

comment:1 Changed 3 months ago by nickm

Keywords: 029-backport 033-backport 034-backport 035-backport win32 added
Milestone: Tor: 0.4.0.x-final

comment:2 Changed 3 months ago by teor

-mstack-protector-guard=global -fstack-protector{,-all,-strong,-explicit} is required on gcc 8.2 on some targets, to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86832

The gcc issue should be fixed in the next gcc release.

So let's combine this ticket and #27530.

If --enable-expensive-hardening is set:

  • AC_TRY_RUN with tor's standard hardening flags
  • if that doesn't work, use -mstack-protector-guard=global -fstack-protector{,-all,-strong,-explicit}
  • if that doesn't work, disable hardening
  • if that doesn't work, fail configure

comment:4 Changed 5 weeks ago by nickm

Keywords: postfreeze-ok added

Mark some tickets as postfreeze-ok, to indicate that I think they are okay to accept in 0.4.0 post-freeze. Does not indicate that they are all necessary to do postfreeze.

comment:5 Changed 22 hours ago by nickm

Keywords: 040-deferred-20190220 added
Milestone: Tor: 0.4.0.x-finalTor: unspecified

Deferring 51 tickets from 0.4.0.x-final. Tagging them with 040-deferred-20190220 for visibility. These are the tickets that did not get 040-must, 040-can, or tor-ci.

Note: See TracTickets for help on using tickets.