[tor-bugs] #5131 [Obfsproxy]: auditing obfsproxy
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Mar 9 00:30:46 UTC 2012
#5131: auditing obfsproxy
-------------------------+--------------------------------------------------
Reporter: ioerror | Owner: asn
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Keywords: security | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by ioerror):
Replying to [comment:13 Sebastian]:
> Replying to [comment:12 ioerror]:
> > Replying to [comment:11 Sebastian]:
> > > What about the other comments here? Are we cool with not adding a
gpl, and with creating a lot of warnings for non-gcc compilers? If I use
another compiler, how can I get rid of the warnings?
> >
> > I don't think we need to add a GPL but I've added it:
> > [compile_hardening 86272e0] add GPL license for m4 macros
>
> My apologies, that wasn't pushed when I fetched the branch the first
time. I see it's there now.
Heh. I just added it. No need to say you're sorry. :)
>
> > Also - what warnings? If a non-gcc compiler is used and it does not
support the flag, autoconf will catch that and not add the unsupported
flag to the CFLAGS variable. Do you have a case where this is not true?
Are you seeing warnings right now?
>
> No, autoconf will only catch errors and disable flags for errors. It
keeps flags enabled that produce warnings. Here's an example from clang:
>
> {{{
>
> clang -DHAVE_CONFIG_H -I. -I./src -Wall -Wwrite-strings -Werror
-I/opt/local//include -I/opt/local//include -g -O2 -D_FORTIFY_SOURCE=2
-fstack-protector-all -fwrapv -fPIE --param ssp-buffer-size=1 -fno-strict-
aliasing -fno-strict-overflow -MT unittest_obfs2.o -MD -MP -MF
.deps/unittest_obfs2.Tpo -c -o unittest_obfs2.o `test -f
'src/test/unittest_obfs2.c' || echo './'`src/test/unittest_obfs2.c
> clang: warning: argument unused during compilation: '--param ssp-buffer-
size=1'
> clang: warning: argument unused during compilation: '-fno-strict-
overflow'
> mv -f .deps/unittest_obfs2.Tpo .deps/unittest_obfs2.Po
> clang -Wall -Wwrite-strings -Werror -I/opt/local//include
-I/opt/local//include -g -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-all
-fwrapv -fPIE --param ssp-buffer-size=1 -fno-strict-aliasing -fno-strict-
overflow -pie -o unittests tinytest.o unittest.o unittest_container.o
unittest_crypt.o unittest_socks.o unittest_dummy.o unittest_managed.o
unittest_obfs2.o libobfsproxy.a -L/usr/local/lib -levent
-L/opt/local//lib/ -lcrypto
> clang: warning: argument unused during compilation: '--param ssp-buffer-
size=1'
> clang: warning: argument unused during compilation: '-pie'
> }}}
Wait wait - what does configure do when you use clang? With gcc I have:
{{{
checking whether C compiler accepts -D_FORTIFY_SOURCE=2... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C compiler accepts -fwrapv... yes
checking whether C compiler accepts -fPIE... yes
checking whether C compiler accepts --param ssp-buffer-size=1... yes
checking whether C compiler accepts -fno-strict-aliasing... yes
checking whether C compiler accepts -fno-strict-overflow... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -z relro... yes
checking whether the linker accepts -z now... yes
}}}
Do you have the same output with clang? If so, I think that's a bug in the
macro that checks if the compiler/linker actually accepts a given flag.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5131#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list