Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 830
    • Issues 830
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 6
    • Merge requests 6
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #23591
Closed
Open
Issue created Sep 20, 2017 by cypherpunks@cypherpunks

Build Tor and Tor Browser with -mmitigate-rop

GCC 6 has a new option, -mmitigate-rop, which modifies the generated code to make finding ROP gadgets a bit harder. This is not CFI and does not provide strong protections, but it's better than nothing and is easier to use than alternatives, given that it doesn't require modifying source code for compatibility or loading a new runtime.

-mmitigate-rop Try to avoid generating code sequences that contain unintended return opcodes, to mitigate against certain forms of attack. At the moment, this option is limited in what it can do and should not be relied on to provide serious protection.

I suppose someone should try compiling Tor with this and scan for ROP gadgets using popular ROP compilers on it.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking