[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Add configure-flags to tor.

From: contact . ng0
Subject: Add configure-flags to tor.
Date: Wed, 25 Jan 2017 09:31:06 +0000

This adds tor hardening flags.  Do you want me to document the flags in the 
package? I left it out since it's documented in the tor release itself.

Taken from ReleaseNotes:


   New --enable-expensive-hardening option to enable security
   hardening options that consume nontrivial amounts of CPU and
   memory. Right now, this includes AddressSanitizer and UbSan, which
   are supported in newer versions of GCC and Clang. Closes ticket


  New "--enable-gcc-hardening" ./configure flag (off by default)
  to turn on gcc compile time hardening options. It ensures
  that signed ints have defined behavior (-fwrapv), enables
  -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
  with canaries (-fstack-protector-all), turns on ASLR protection if
  supported by the kernel (-fPIE, -pie), and adds additional security
  related warnings. Verified to work on Mac OS X and Debian Lenny.


  New "--enable-linker-hardening" ./configure flag (off by default)
  to turn on ELF specific hardening features (relro, now). This does
  not work with Mac OS X or any other non-ELF binary format.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]