
is cfi enabled in this build? #152

Closed
pony-montana opened this issue Feb 28, 2024 · 5 comments

Comments

@pony-montana

I'm not an expert and I'm struggling to find this information while exploring the codebase.
There is issue #148, which seems to be a problem with CFI, but in flags.gn I don't find is_cfi=true, use_cfi_icall=true, use_cfi_cast=true or use_thin_lto=true.
Are other flags grabbed from a location other than flags.gn during compilation? Or is it just that CFI is not enabled in this build?

@clickot
Collaborator

clickot commented Feb 28, 2024

The GN flags in this project (contained in the file flags.gn) are combined with the ones defined in flags.gn from the ungoogled-chromium repo. In neither do I find the properties you're looking for, so I suppose CFI is not enabled in this build.
As I stated in issue #148, I had several problems during compilation with clang-17 that I didn't investigate further (so I don't know whether CFI problems were included), but switched to clang-18, which worked for me.

@pony-montana
Author

Thanks :).
As stated here https://www.chromium.org/developers/testing/control-flow-integrity/, CFI is enabled for Chrome in official Linux builds.
I don't know how effective this mitigation is as a security measure for preventing exploitation in memory-corruption cases.
But the fact that it is enabled by default in Chrome makes me think that it could be well supported and not so problematic to implement in the ungoogled-chromium Linux binary release. Also, the overhead seems acceptable.

What do you think about CFI? Is it something that could be interesting to implement?
When I have access to decent hardware I will try to experiment myself, building with this feature and seeing whether there are breakages.
Last sidenote: as I understand it, support for CFI is good on Linux x86-64 but not so good on other platforms, so I think it's something that could have more success here in ungoogled-chromium-portablelinux than in the generic ungoogled-chromium repo.

@PF4Public

PF4Public commented Feb 28, 2024

> it could be well supported and not so problematic

As long as you build exactly like Google does. IIRC CFI requires clang, ThinLTO and libc++ instead of libstdc++.

> Is it something that could be interesting to implement?

Some Gentoo folks use CFI with ungoogled-chromium — that's for sure. So it is doable.

> I don't know how effective this mitigation is

CFI could detect problematic code in Chromium, but apart from that I have my doubts about its effectiveness in other domains. Besides, do not expect to catch such a bug yourself; most of the issues are likely to be caught by Google beforehand.
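An added example, not the project's code and not the real contents of either repository's flags.gn: it does mechanically what the first two posts describe by hand (layer this project's flags.gn over the upstream ungoogled-chromium one, then look for the CFI-related args) and folds in the build prerequisites PF4Public lists. The flag names quoted in the thread (is_cfi, use_cfi_icall, use_cfi_cast, use_thin_lto) are taken from the page; is_clang and use_custom_libcxx, standing in for "clang" and "libc++ instead of libstdc++", are assumptions about Chromium's GN config, as is the rule that the later file wins when both set the same key. The sample args files are constructed. A key that is simply absent is reported as unset rather than false, because GN then applies its default, which for is_cfi depends on other args such as is_official_build, so an args file on its own cannot prove CFI is off.

```python
"""Check layered GN args files for the flags a Chromium CFI build needs.

Added example; not the project's own tooling.  Assumed flag names are
marked below.  Sample files at the bottom are constructed, not real.
"""
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# A GN args file is `name = value` per line; '#' starts a comment.
_ASSIGN = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+)$")

# Flags CFI needs: the CFI switch and ThinLTO (quoted in the thread), plus
# clang and the bundled libc++ (is_clang / use_custom_libcxx are ASSUMED names).
CFI_REQUIRED: Dict[str, str] = {
    "is_cfi": "true",
    "use_thin_lto": "true",
    "is_clang": "true",            # assumption
    "use_custom_libcxx": "true",   # assumption
}
# Additional CFI schemes that only matter once is_cfi is on.
CFI_OPTIONAL: Tuple[str, ...] = ("use_cfi_icall", "use_cfi_cast")


def parse_gn_args(text: str) -> Dict[str, str]:
    """Parse one args file into {name: value}; later lines override earlier."""
    args: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments ('#' inside strings unsupported)
        if not line:
            continue
        m = _ASSIGN.match(line)
        if not m:
            raise ValueError(f"unparseable GN line: {raw!r}")
        args[m.group(1)] = m.group(2).strip().strip('"')  # keep string literal text only
    return args


def merge_gn_args(*files: str) -> Dict[str, str]:
    """Layer several args files; later files override earlier ones (assumed order)."""
    merged: Dict[str, str] = {}
    for text in files:
        merged.update(parse_gn_args(text))
    return merged


def cfi_status(args: Dict[str, str]) -> Tuple[bool, List[str], List[str]]:
    """Return (cfi_proven_enabled, problems, enabled_optional_schemes).

    An absent key is 'unset', not 'false': GN applies its default, which for
    is_cfi depends on other args, so the file alone cannot prove CFI is off.
    """
    problems: List[str] = []
    for name, want in CFI_REQUIRED.items():
        got = args.get(name)
        if got is None:
            problems.append(f"{name} unset (GN default applies)")
        elif got != want:
            problems.append(f"{name}={got}, need {want}")
    optional = [n for n in CFI_OPTIONAL if args.get(n) == "true"]
    return not problems, problems, optional


def report(*files: str) -> str:
    """One-line human summary of cfi_status() over the layered files."""
    enabled, problems, optional = cfi_status(merge_gn_args(*files))
    if enabled:
        return "CFI enabled; extra schemes: " + (", ".join(optional) or "none")
    return "CFI not proven enabled: " + "; ".join(problems)


# Constructed samples (NOT the real flags.gn of either repository).
UPSTREAM_FLAGS = """\
# base flags in the style of ungoogled-chromium (constructed)
is_official_build=true
is_clang=true
use_custom_libcxx=true
"""

PORTABLE_FLAGS = """\
# project overlay (constructed): no CFI-related keys at all
symbol_level=0
"""

CFI_OVERLAY = """\
# hypothetical overlay that turns CFI on
is_cfi=true
use_cfi_icall=true
use_cfi_cast=true
use_thin_lto=true
"""

if __name__ == "__main__":
    print(report(UPSTREAM_FLAGS, PORTABLE_FLAGS))
    print(report(UPSTREAM_FLAGS, PORTABLE_FLAGS, CFI_OVERLAY))
```

Run it against the two real files in the same order the build combines them; the first sample run shows the situation in the thread (no CFI keys in either file, so only the GN defaults decide), the second what a CFI-enabling overlay would have to contain.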

@clickot
Collaborator

clickot commented Feb 29, 2024

@PF4Public thanks for your comment :)
@pony-montana is that sufficient for you? If so would you mind closing this issue?

@pony-montana
Author

@clickot yes, for me it is sufficient 👍

@clickot clickot closed this as completed Feb 29, 2024