From 5e9586160cced8cabc41ec1ec3954b1a706d3832 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 20 Dec 2011 09:20:02 +0000 Subject: [PATCH] Adding optional compiler and linker hardening options as per suggestion from Jacob --- AUTHORS | 1 + configure.ac | 20 ++++++++++++++++++++ src/dht/test_dht_2dtorus.conf | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index 2032a43e5..b4edb0e86 100644 --- a/AUTHORS +++ b/AUTHORS @@ -38,6 +38,7 @@ Heikki Lindholm Igor Wronsky Ioana Patrascu +Jacob Appelbaum Jake Dust James Blackwell Jean-Luc Cooke [ SHA-512] diff --git a/configure.ac b/configure.ac index 464201f92..44fa288a0 100644 --- a/configure.ac +++ b/configure.ac @@ -201,6 +201,26 @@ then AC_MSG_ERROR([GNUnet needs libgcrypt]) fi +# Adam shostack suggests the following for Windows: +# -D_FORTIFY_SOURCE=2 -fstack-protector-all +AC_ARG_ENABLE(gcc-hardening, + AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), +[if test x$enableval = xyes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + LDFLAGS="$LDFLAGS -pie" +fi]) + +# Linker hardening options +# Currently these options are ELF specific - you can't use this with MacOSX +AC_ARG_ENABLE(linker-hardening, + AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), +[if test x$enableval = xyes; then + LDFLAGS="$LDFLAGS -z relro -z now" +fi]) + + extra_logging=GNUNET_NO AC_ARG_ENABLE([logging], AS_HELP_STRING([--enable-logging@<:@=value@:>@],[Enable logging calls. Possible values: yes,no,verbose,veryverbose ('yes' is the default)]), diff --git a/src/dht/test_dht_2dtorus.conf b/src/dht/test_dht_2dtorus.conf index 3bd6d3561..3b3f7ec91 100644 --- a/src/dht/test_dht_2dtorus.conf +++ b/src/dht/test_dht_2dtorus.conf @@ -49,7 +49,7 @@ AUTOSTART = YES PORT = 10004 [testing] -NUM_PEERS = 16 +NUM_PEERS = 256 WEAKRANDOM = YES TOPOLOGY = 2D_TORUS CONNECT_TOPOLOGY = NONE -- 2.25.1