nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
426116113f
tor/changes/compileTimeHardening
Jacob Appelbaum 04fa935e02 Add support for gcc compiler/linker hardening flags. 
This patch adds support for two new configure options:
    '--enable-gcc-hardening'
    This sets CFLAGS to include:
        "-D_FORTIFY_SOURCE=2 -fstack-protector-all"
        "-fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
        "-Wpointer-sign"
    It sets LDFLAGS to include:
        "-pie"

    '--enable-linker-hardening'
    This sets LDFLAGS to include:
        " -z relro -z now"
2010-05-07 16:15:26 +02:00

13 lines
662 B
Plaintext
Raw Blame History

Add two new configure flags:
--enable-gcc-hardening
This turns on gcc compile time hardening options. It ensures that
signed ints have defined behavior (-fwrapv), -D_FORTIFY_SOURCE=2 is
enabled (requiring -O2), stack smashing protection with canaries
(-fstack-protector-all), ASLR protection if supported by the kernel
(-fPIE, -pie). Additional security related warnings are enabled.
Verified as working on Mac OS X and Debian Lenny.
--enable-linker-hardening
This turns on ELF specific hardening features (relro, now). This does
not work with Mac OS X or any other non-ELF binary format.
Reference in New Issue View Git Blame Copy Permalink