Hardening (was: Re: tor: update to 0.2.9.9)

[ng0]

Leo Famulari <address@hidden> writes:

> On Tue, Jan 24, 2017 at 11:19:33AM +0000, address@hidden wrote:
>> Changes in version 0.2.9.9 - 2017-01-23
>>   o Major bugfixes (security):
>>     - Downgrade the "-ftrapv" option from "always on" to "only on when
>>       --enable-expensive-hardening is provided." This hardening option,
>>       like others, can turn survivable bugs into crashes -- and having
>>       it on by default made a (relatively harmless) integer overflow bug
>>       into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
>>       bugfix on 0.2.9.1-alpha.
>
> I'm not familiar with Tor's build system.
>
> Should we build Tor with "--enable-expensive-hardening"?

I will take a look later what can be applied other than the
default configure flags.

I'm all for hardening, but it seems that the first basic ideas
for Guix are stuck in the idea state.
It would be great to see some movement on this during this
year. I volunteer to help with it, though I don't have as much
experience with SELinux (and only basic experience with
GrSecurity without a modular kernel like GuixSD uses).
-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/