[or-dev] Re: Tor hardening at compile time

Christian Kujau lists at nerdbynature.de
Mon May 10 14:17:16 UTC 2010


On Sat, 8 May 2010 at 16:09, Jacob Appelbaum wrote:
> > configure: error: C compiler cannot create executables
> 
> Can you try that again but this time without '--enable-linker-hardening'
> in your ./configure configuring? We can't support linker hardening for
> ELF and Mac OS X uses the Mach-O binary format.

Same message on Linux/powerpc32, config.log has:

configure:2930: gcc  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv 
-fPIE -Wstack-protector -Wformat -Wformat-security -Wpointer-sign  
-I${top_srcdir}/src/common  -pie -z relro -z now conftest.c  >&5
gcc: relro: No such file or directory
gcc: now: No such file or directory
configure:2933: $? = 1

However, other posts[0] seem to suggest that it's indeed a linker issue 
and only supported with binutils >= 2.20, while my Debian/stable here is 
still on 2.18.

Without --enable-linker-hardening Tor can be built:

# ./configure --prefix=/opt/tor
No RELRO   No canary found   NX enabled    No PIE      /opt/tor/bin/tor

# ./configure --prefix=/opt/tor --enable-gcc-warnings --enable-gcc-hardening
No RELRO   Canary found      NX enabled    PIE enabled   src/or/tor

Although NX is marked "enabled", my CPU does not support NX.

Thanks,
Christian.

[0] http://readlist.com/lists/gcc.gnu.org/gcc-help/3/18416.html
-- 
BOFH excuse #226:

A star wars satellite accidently blew up the WAN.



More information about the tor-dev mailing list