[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Add configure-flags to tor.
From: |
contact . ng0 |
Subject: |
Add configure-flags to tor. |
Date: |
Wed, 25 Jan 2017 09:31:06 +0000 |
This adds tor hardening flags. Do you want me to document the flags in the
package? I left it out since it's documented in the tor release itself.
Taken from ReleaseNotes:
'--enable-expensive-hardening'
New --enable-expensive-hardening option to enable security
hardening options that consume nontrivial amounts of CPU and
memory. Right now, this includes AddressSanitizer and UbSan, which
are supported in newer versions of GCC and Clang. Closes ticket
11477.
'--enable-gcc-hardening'
New "--enable-gcc-hardening" ./configure flag (off by default)
to turn on gcc compile time hardening options. It ensures
that signed ints have defined behavior (-fwrapv), enables
-D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
with canaries (-fstack-protector-all), turns on ASLR protection if
supported by the kernel (-fPIE, -pie), and adds additional security
related warnings. Verified to work on Mac OS X and Debian Lenny.
'--enable-linker-hardening'
New "--enable-linker-hardening" ./configure flag (off by default)
to turn on ELF specific hardening features (relro, now). This does
not work with Mac OS X or any other non-ELF binary format.
- Add configure-flags to tor.,
contact . ng0 <=