[tor-bugs] #5210 [Tor Client]: Enable gcc and ld hardening by default in 0.2.3.x
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon May 14 14:55:12 UTC 2012
#5210: Enable gcc and ld hardening by default in 0.2.3.x
------------------------+---------------------------------------------------
Reporter: ioerror | Owner: ioerror
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: security | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
Replying to [comment:15 kmcallister]:
> Hi, you may be interested in my recent article about automatic binary hardening with Autoconf:
>
> http://mainisusuallyafunction.blogspot.com/2012/05/automatic-binary-hardening-with.html

Looks like they've converged on the same options we have. That much is
good.

I'm not convinced that explicitly grepping for a warning from clang is
such a good idea: warnings change in the presence of localization.

The slowdown business is something we'll need to deal with in practice as
we go. If stack-protector is hideously slow in some configurations, we
might need to turn it off. If -fPIE is a big deal, we may need to add in
a -fomit-frame-pointer for production builds of critical-path pieces of
the code.

Incidentally, I don't think we really get protection from -fPIE unless any
static library we link against is also built with -fPIE, right?

Some of this won't work on Windows unless we do yet more magic; said magic
is however a thing for a separate ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5210#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
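
The localization concern raised in the comment above, as an added example that is not part of the ticket, the linked article, or Tor's build system: a flag probe that trusts only the compiler's exit status under -Werror, next to a probe that searches the output for a warning string. The function names, the stub compiler, the English warning wording and the German message are all constructed for the illustration.

```shell
# Added example (not Tor's build code): probe a flag by exit status, not text.

# probe CC [FLAGS...]: compile a trivial program with FLAGS, print the
# diagnostics, and return the compiler's exit status.
probe() {
    _cc=$1; shift
    _dir=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$_dir/probe.c"
    "$_cc" "$@" -c "$_dir/probe.c" -o "$_dir/probe.o" 2>&1 && _rc=0 || _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}

# Robust: promote warnings to errors and trust only the exit status.
flag_supported() {
    probe "$1" -Werror "$2" >/dev/null
}

# Fragile: search the output for one English warning string (assumed wording).
flag_supported_grep() {
    ! probe "$1" "$2" | grep -q 'argument unused during compilation'
}

# stub_cc: constructed stand-in for a compiler (not a real toolchain). It
# knows -fPIE; other -f flags draw a German warning, fatal only with -Werror.
stub_cc() {
    _werror=0 _unknown=0
    for _a in "$@"; do
        case $_a in -Werror) _werror=1 ;; -fPIE) ;; -f*) _unknown=1 ;; esac
    done
    [ "$_unknown" -eq 1 ] || return 0
    echo "Warnung: Argument wird beim Kompilieren nicht verwendet" >&2
    [ "$_werror" -eq 0 ]
}

# demo: report what each check concludes for a known and an unknown flag.
demo() {
    for _f in -fPIE -fbogus; do
        flag_supported stub_cc "$_f" && _s=yes || _s=no
        flag_supported_grep stub_cc "$_f" && _g=yes || _g=no
        printf '%s: exit-status=%s grep=%s\n' "$_f" "$_s" "$_g"
    done
}
```

Calling `demo` shows the two checks agreeing on -fPIE and disagreeing on -fbogus, where the text match misses the translated warning. To use the exit-status probe with a real toolchain, pass the compiler command in place of `stub_cc`.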