FS#57831 - [chromium] Enable control-flow integrity
Attached to Project:
Arch Linux
Opened by xsmile (xsmile) - Wednesday, 14 March 2018, 04:43 GMT
Last edited by Evangelos Foutras (foutrelis) - Saturday, 31 March 2018, 01:50 GMT
Details
Description:
Consider enabling Control Flow Integrity (CFI) [1] for virtual calls as it is done in official Chrome builds. At the same time, link-time optimization - ThinLTO [2] to be specific - will be enabled as a requirement for CFI. See [3] for a description of the relevant GN build flag.

Steps to reproduce:
Add 'is_cfi=true' to the _flags array in the PKGBUILD.

1: https://www.chromium.org/developers/testing/control-flow-integrity
2: https://clang.llvm.org/docs/ThinLTO.html
3: https://chromium.googlesource.com/chromium/src/+/65.0.3325.165/build/config/sanitizers/sanitizers.gni#54
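The request above is for Clang's virtual-call CFI (the `-fsanitize=cfi-vcall` check that Chromium's `is_cfi=true` turns on together with ThinLTO, since the check needs whole-program type metadata). What that check does at every virtual call site is verify that the object's vtable pointer is one of the vtables belonging to the static type's class hierarchy, and abort otherwise. The following C++ is an added example, not code from the bug report, Arch's PKGBUILD or Chromium: it hand-rolls that allow-list check so the behaviour can be seen without a CFI-enabled toolchain. The names (`cfi_checked_name`, `base_vtables`, `FakeObject`) are assumptions for the illustration, and the vptr read assumes the Itanium C++ ABI used by GCC and Clang. The real thing is enabled with `clang++ -flto -fsanitize=cfi-vcall -fvisibility=hidden`; the emulation below only shows why a forged vtable pointer must never reach the indirect call.

```cpp
// Added example (not from the Arch bug report or Chromium): a hand-rolled
// emulation of the check Clang's -fsanitize=cfi-vcall inserts before every
// virtual call. Real CFI builds the allow-list from link-time type metadata;
// here it is built from genuine objects so the idea can run stand-alone.
#include <cstdint>
#include <cstring>
#include <iostream>
#include <set>
#include <string>

struct Base {
    virtual ~Base() = default;
    virtual std::string name() const { return "Base"; }
};

struct Derived : Base {
    std::string name() const override { return "Derived"; }
};

// Itanium C++ ABI (GCC/Clang, assumed here): the vtable pointer is the first
// word of a polymorphic object. Read it with memcpy to avoid aliasing issues.
static uintptr_t vptr_of(const Base* obj) {
    uintptr_t v;
    std::memcpy(&v, obj, sizeof v);
    return v;
}

// Allow-list for "virtual call through Base*": the vtables of Base and of
// every class derived from it. CFI emits this per static type at link time.
static const std::set<uintptr_t>& base_vtables() {
    static const std::set<uintptr_t> tables = [] {
        Base b;
        Derived d;
        return std::set<uintptr_t>{vptr_of(&b), vptr_of(&d)};
    }();
    return tables;
}

// Checked virtual call: refuses (returns false, makes no call) when the
// object's vptr is not in the allow-list. CFI would abort at this point.
static bool cfi_checked_name(const Base* obj, std::string* out) {
    if (base_vtables().count(vptr_of(obj)) == 0) return false;
    *out = obj->name();
    return true;
}

// Attacker-chosen target that a forged vtable slot could point to.
static std::string evil() { return "hijacked"; }

// Shape of a classic vptr-overwrite: a memory region whose first word points
// at a forged table of function pointers instead of a real vtable.
struct FakeObject {
    const void* const* fake_vtable;
};

// A genuine Derived passes the check and dispatches normally.
static bool demo_genuine() {
    Derived d;
    std::string n;
    return cfi_checked_name(&d, &n) && n == "Derived";
}

// A forged object is rejected before any indirect call is made.
static bool demo_forged_rejected() {
    static const void* forged_vtable[4] = {
        reinterpret_cast<const void*>(&evil), reinterpret_cast<const void*>(&evil),
        reinterpret_cast<const void*>(&evil), reinterpret_cast<const void*>(&evil)};
    FakeObject fake{forged_vtable};
    const Base* obj = reinterpret_cast<const Base*>(&fake);
    std::string n = "untouched";
    bool called = cfi_checked_name(obj, &n);
    return !called && n == "untouched";
}

int main() {
    std::cout << "genuine object dispatched: " << (demo_genuine() ? "yes" : "no") << '\n';
    std::cout << "forged vtable rejected:    " << (demo_forged_rejected() ? "yes" : "no") << '\n';
    return 0;
}
```

Without the check (or without `is_cfi=true` in the build), the same forged vptr would send the virtual call to `evil`; with Clang's real `cfi-vcall` the program traps at the call site, and Chromium's official builds rely on exactly that to turn a vtable-pointer corruption into a crash rather than a code-reuse primitive.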
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Saturday, 31 March 2018, 01:50 GMT
Reason for closing: Implemented
Additional comments about closing: chromium 65.0.3325.181-2
Thanks for the proposal, hopefully the above is an easy fix for upstream.
65.0.3325.181-2 in [testing] seems to work fine so far.
Having it be set implicitly means it will get the correct value on non-x86_64 arches, so that's why I left it off.
Thanks for looking out though, I added a note next to the is_official_build flag to make the intention clear.