On 2/2/17 4:52 PM, Tom Ritter wrote:
I have a question about ASAN. Why do we release it? Is it because we think it can sometimes provide security? Or is it for the purposes of debugging? If it's for debugging, do we --enable-debug and --disable-optimize on this build and any other debugging stuff?
It's my hope that we will, in the next year, be able to ship more hardening features on more platforms. Adding in CFI for Linux and Mac; and CFG for Windows. There's jemalloc redzones (are those going in hardened, alpha, or release?)
Will these go into Alpha with the goal of getting them to release? And it would be awesome to move to a 64bit version for Windows. (I'm unclear why we have a 32 bit Linux version actually; and when we get a 64 bit Windows version why we would keep a 32 bit version.)
Good questions. We need to be confident about the security benefits (it is usually not too difficult to get to that point, although ASan is a special case) and also the stability before anything goes into our release builds... but we use our alpha channel to determine that, right?
As far as 32-bit Linux and Windows builds, we are trading off security vs. compatibility with older OSes and hardware (maybe we are making the wrong tradeoff). For Win64 I am sure there is work to be done as well; see https://trac.torproject.org/projects/tor/ticket/20636
I guess what I'm trying to figure out is: if we aggressively move all hardening features we can into Alpha and then release; either the 'Hardened' version is really a Pre-Alpha (with ASAN for catching more bugs) or it's a Debug version. If it's pre-alpha, cool, let's make an alpha, beta, and release channel. If it's Debug, cool, it's Debug. =)
Maintaining another channel will be a challenge given our small team, but what you say makes a lot of sense. But I also wonder how many alpha and hardened users we have and whether our audience of available testers is too small to support another channel. On the other hand, more people should be willing to run something labeled "beta" instead of "alpha."