[or-dev] Re: Tor hardening at compile time
Christian Kujau
lists at nerdbynature.de
Mon May 10 14:17:16 UTC 2010
On Sat, 8 May 2010 at 16:09, Jacob Appelbaum wrote:
> > configure: error: C compiler cannot create executables
>
> Can you try that again but this time without '--enable-linker-hardening'
> in your ./configure configuring? We can't support linker hardening for
> ELF and Mac OS X uses the Mach-O binary format.
Same message on Linux/powerpc32, config.log has:
configure:2930: gcc -D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv
-fPIE -Wstack-protector -Wformat -Wformat-security -Wpointer-sign
-I${top_srcdir}/src/common -pie -z relro -z now conftest.c >&5
gcc: relro: No such file or directory
gcc: now: No such file or directory
configure:2933: $? = 1
However, other posts[0] seem to suggest that it's indeed a linker issue
and only supported with binutils >= 2.20, while my Debian/stable here is
still on 2.18.
Without --enable-linker-hardening Tor can be built:
# ./configure --prefix=/opt/tor
No RELRO No canary found NX enabled No PIE /opt/tor/bin/tor
# ./configure --prefix=/opt/tor --enable-gcc-warnings --enable-gcc-hardening
No RELRO Canary found NX enabled PIE enabled src/or/tor
Although NX is marked "enabled", my CPU does not support NX.
Thanks,
Christian.
[0] http://readlist.com/lists/gcc.gnu.org/gcc-help/3/18416.html
--
BOFH excuse #226:
A star wars satellite accidently blew up the WAN.
More information about the tor-dev
mailing list