mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
04fa935e02
This patch adds support for two new configure options: '--enable-gcc-hardening' This sets CFLAGS to include: "-D_FORTIFY_SOURCE=2 -fstack-protector-all" "-fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security" "-Wpointer-sign" It sets LDFLAGS to include: "-pie" '--enable-linker-hardening' This sets LDFLAGS to include: " -z relro -z now"
13 lines
662 B
Plaintext
13 lines
662 B
Plaintext
Add two new configure flags:
|
|
--enable-gcc-hardening
|
|
This turns on gcc compile time hardening options. It ensures that
|
|
signed ints have defined behavior (-fwrapv), -D_FORTIFY_SOURCE=2 is
|
|
enabled (requiring -O2), stack smashing protection with canaries
|
|
(-fstack-protector-all), ASLR protection if supported by the kernel
|
|
(-fPIE, -pie). Additional security related warnings are enabled.
|
|
Verified as working on Mac OS X and Debian Lenny.
|
|
|
|
--enable-linker-hardening
|
|
This turns on ELF specific hardening features (relro, now). This does
|
|
not work with Mac OS X or any other non-ELF binary format.
|