Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f4f11adf4c
Branches Tags
tor
/
changes
/
compileTimeHardening

compileTimeHardening 662 B
History Raw

123456789101112 
  1. Add two new configure flags:
    2. 

  2.     --enable-gcc-hardening
    3. 

  3.         This turns on gcc compile time hardening options. It ensures that
    4. 

  4.         signed ints have defined behavior (-fwrapv), -D_FORTIFY_SOURCE=2 is
    5. 

  5.         enabled (requiring -O2), stack smashing protection with canaries
    6. 

  6.         (-fstack-protector-all), ASLR protection if supported by the kernel
    7. 

  7.         (-fPIE, -pie). Additional security related warnings are enabled.
    8. 

  8.         Verified as working on Mac OS X and Debian Lenny.
    9. 

  9. 

  10.     --enable-linker-hardening
    11. 

  11.         This turns on ELF specific hardening features (relro, now). This does
    12. 

  12.         not work with Mac OS X or any other non-ELF binary format.
    13.