Re: [tor-bugs] #5210 [Tor Client]: Enable gcc and ld hardening by default in 0.2.3.x
#5210: Enable gcc and ld hardening by default in 0.2.3.x
------------------------+---------------------------------------------------
Reporter: ioerror | Owner: ioerror
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: security | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by arma):
nextgens gives us this patch:
{{{
diff --git a/changes/bug5210 b/changes/bug5210
new file mode 100644
index 0000000..b07e7f1
--- /dev/null
+++ b/changes/bug5210
@@ -0,0 +1,2 @@
+ o Security fixes:
+ - Enable gcc and ld hardening by default. Fixes bug 5210.
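Review bot: The changes entry on the "Enable gcc and ld hardening by default" line does not say how to opt out. The configure.in part of this patch renames the switches to --disable-gcc-hardening and --disable-linker-hardening, so name both here; anyone whose toolchain rejects the flags will look in the changelog first.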
diff --git a/configure.in b/configure.in
index 7415ce8..23dcc07 100644
--- a/configure.in
+++ b/configure.in
@@ -122,19 +122,23 @@ dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on
Windows
dnl This requires that we use gcc and that we add -O2 to the CFLAGS.
AC_ARG_ENABLE(gcc-hardening,
- AS_HELP_STRING(--enable-gcc-hardening, enable compiler security
checks),
+ AS_HELP_STRING(--disable-gcc-hardening, disable compiler security
checks),
+ [enableval=no;],
+ [enableval=yes;])
[if test x$enableval = xyes; then
CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
CFLAGS="$CFLAGS --param ssp-buffer-size=1"
LDFLAGS="$LDFLAGS -pie"
-fi])
+fi]
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with
MacOSX
AC_ARG_ENABLE(linker-hardening,
- AS_HELP_STRING(--enable-linker-hardening, enable linker security
fixups
-[if test x$enableval = xyes; then
+ AS_HELP_STRING(--disable-linker-hardening, disable linker security
fixups),
+ [enableval=no;],
+ [enableval=yes;])
+AC_CHECK_HEADER([elf.h], [if test x$enableval = xyes; then
LDFLAGS="$LDFLAGS -z relro -z now"
fi])
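Review bot: In the gcc-hardening block, the added third argument `[enableval=no;]` is AC_ARG_ENABLE's action-if-given, so it runs whenever the option appears on the command line and overwrites the value autoconf already set. As a result `--enable-gcc-hardening` now turns hardening off, and the linker-hardening block repeats the same pattern. Leave the action-if-given empty (autoconf sets enableval to yes or no from the option itself) and keep only the default `[enableval=yes;]` in the fourth argument. Two smaller points: the `[if test x$enableval = xyes; then ... fi]` block now sits after the macro's closing parenthesis as a bare quoted block, and both tests read the shared `$enableval`, so storing each result in its own variable would be easier to follow. Also, the comment above says these flags require gcc, yet they become the default without any probe that the compiler accepts them, and the elf.h check only shows that the header exists, not that the linker takes `-z relro -z now`; a flag-acceptance test before appending to CFLAGS/LDFLAGS would be safer.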
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5210#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs