Skip to content

compile time hardening of TBB (RELRO, canary, PIE)

Would be nice if TBB (for Linux and OS X at least) would come with gcc hardening features applied.

Output of checksec.sh:

     vidalia   3925 No RELRO          No canary found        NX enabled    No PIE                  
     tor   3933 No RELRO          No canary found        NX enabled    No PIE                  
     firefox   3935 No RELRO          No canary found        NX enabled    No PIE

compared to bundled Firefox in Ubuntu: firefox 8779 Full RELRO Canary found NX enabled PIE enabled

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information