Merge commit 'ioerror/compileTimeHardening'

This commit is contained in:
Roger Dingledine 2010-05-07 12:05:26 -04:00
commit 8ba00e4305
2 changed files with 33 additions and 0 deletions

View File

@ -0,0 +1,12 @@
Add two new configure flags:
--enable-gcc-hardening
This turns on gcc compile time hardening options. It ensures that
signed ints have defined behavior (-fwrapv), -D_FORTIFY_SOURCE=2 is
enabled (requiring -O2), stack smashing protection with canaries
(-fstack-protector-all), ASLR protection if supported by the kernel
(-fPIE, -pie). Additional security related warnings are enabled.
Verified as working on Mac OS X and Debian Lenny.
--enable-linker-hardening
This turns on ELF specific hardening features (relro, now). This does
not work with Mac OS X or any other non-ELF binary format.

View File

@ -90,6 +90,27 @@ AC_ARG_ENABLE(gcc-warnings,
AC_ARG_ENABLE(gcc-warnings-advisory,
AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
dnl Adam shostack suggests the following for Windows:
dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
dnl This requires that we use gcc and that we add -O2 to the CFLAGS.
AC_ARG_ENABLE(gcc-hardening,
AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
[if test x$enableval = xyes; then
CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
CFLAGS+=" -fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
CFLAGS+=" -Wpointer-sign"
LDFLAGS+=" -pie"
fi])
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
[if test x$enableval = xyes; then
LDFLAGS+=" -z relro -z now"
fi])
AC_ARG_ENABLE(local-appdata,
AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows))
if test "$enable_local_appdata" = "yes"; then