Adding optional compiler and linker hardening options as per suggestion from Jacob

author Christian Grothoff <christian@grothoff.org>

Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)

committer Christian Grothoff <christian@grothoff.org>

Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)
author Christian Grothoff <christian@grothoff.org>
Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)
committer Christian Grothoff <christian@grothoff.org>
Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)
diff --git a/AUTHORS b/AUTHORS

index 2032a43e5120b168ae2f0350c44f2debec1ea349..b4edb0e868eb5b201e41edf14ce67fda0b2d2610 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -38,6 +38,7 @@ Heikki Lindholm <holin@iki.fi>
  Igor Wronsky <iwronsky@users.sourceforge.net>
  Ioana Patrascu <ioanapatrascu@yahoo.com>
  <january@hushmail.com>
+Jacob Appelbaum <jacob@appelbaum.net>
  Jake Dust <jakedust@gmail.com>
  James Blackwell <jblack@linuxguru.net>
  Jean-Luc Cooke <jlcooke@certainkey.com> [ SHA-512]
diff --git a/configure.ac b/configure.ac

index 464201f92a976dcdd056edd172af19de12319ddd..44fa288a0f6ba020813a03dce6d7820c55ce6a22 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -201,6 +201,26 @@ then
    AC_MSG_ERROR([GNUnet needs libgcrypt])
  fi
  
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+   AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+fi])
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+  AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[if test x$enableval = xyes; then
+   LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+
  extra_logging=GNUNET_NO
  AC_ARG_ENABLE([logging],
     AS_HELP_STRING([--enable-logging@<:@=value@:>@],[Enable logging calls. Possible values: yes,no,verbose,veryverbose ('yes' is the default)]),
diff --git a/src/dht/test_dht_2dtorus.conf b/src/dht/test_dht_2dtorus.conf

index 3bd6d3561e8f5ab46cd7272cd542c1866cb52ca7..3b3f7ec9154c5da78aab27ec30590c65d1d7b453 100644 (file)
--- a/src/dht/test_dht_2dtorus.conf
+++ b/src/dht/test_dht_2dtorus.conf
@@ -49,7 +49,7 @@ AUTOSTART = YES
  PORT = 10004
  
  [testing]
-NUM_PEERS = 16
+NUM_PEERS = 256
  WEAKRANDOM = YES
  TOPOLOGY = 2D_TORUS
  CONNECT_TOPOLOGY = NONE
author	Christian Grothoff <christian@grothoff.org>
	Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)
committer	Christian Grothoff <christian@grothoff.org>
	Tue, 20 Dec 2011 09:20:02 +0000 (09:20 +0000)
AUTHORS		patch \| blob \| history
configure.ac		patch \| blob \| history
src/dht/test_dht_2dtorus.conf		patch \| blob \| history