Build with non-Cross-DSO CFI
Control Flow Integrity is an exploit mitigation. clang/llvm has a CFI implementation that can be used on hardened operating systems like HardenedBSD.
When lld is the compiler, non-Cross-DSO CFI from clang/llvm can be used. I've tested this on HardenedBSD with a very basic configuration.
Attached is a candidate patch for enabling non-Cross-DSO CFI for the core Tor application.
Trac:
Username: shawn.webb