    Commit

    Hash: c0a8ddc1
    Author: Jim Barlow
    Date: 2014-12-23T21:47:03

    configure.ac: use executable hardening where available
    
    Where available, enable stack smashing protection, fortify source,
    no-strict-overflow, and read only relocations.
    
    Many Linux distributions automatically enable most of these options.
    They are no-brainers. The difference introduced here is in asking for a
    few more aggressive options. An option to disable the more aggressive
    options is provided (--disable-hardening). When set, configure will fall
    back to the default CFLAGS on the system - in many cases that will still
    be hardened. There is no point in going further than that.
    
    Options enabled are:
    
    -fstack-protector-strong is a relatively new GCC-4.9 feature that is
    supposed to give a better balance between performance and protection.
    -all is considered too aggressive, but was used in Chromium and other
    security critical systems until -strong became available. Follow their
    lead and use -strong when possible. clang 6.0 supports -all but not
    -strong.
    
    _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
    more robust equivalents when the compiler can determine the length of
    the buffers involved.
    
    -fno-strict-overflow instructs GCC to not make optimizations based on
    the assumption that signed arithmetic will wrap around on overflow (e.g.
    (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
    unexpected things. Further improvements should trap signed overflows and
    reduce the use of signed to refer to naturally unsigned quantities.
    
    I did not set -fPIE (position independent executables). The critical
    function of Open/LibreSSL is as a library, not an executable.
    
    Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
    
    The code added to m4/ is GPLv3 but con
    
    Signed-off-by: Jim Barlow <jim@purplerock.ca>
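The probing logic the commit describes, written out as an added example in POSIX sh rather than the project's own configure.ac or m4/ macros. It assumes a C compiler reachable as `$CC` (default `cc`), honours the stock `CFLAGS`/`LDFLAGS` from the environment, and uses `mktemp` for the link probe. Each hardening option is tried against a trivial translation unit and kept only if the compiler accepts it; passing `no` reproduces `--disable-hardening` by returning the default flags untouched. The function and variable names are this example's own, not the project's.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the project's m4 code): probe the
# compiler for the hardening options from the commit and build CFLAGS/LDFLAGS
# from whatever it accepts.

: "${CC:=cc}"

# cc_supports FLAG: compile a trivial TU with FLAG added to the stock CFLAGS.
# -Werror turns clang's "argument unused" warning into a failure, so an
# ignored flag counts as unsupported. The stock -O level is kept because
# _FORTIFY_SOURCE is inert (and glibc warns) without optimisation.
cc_supports() {
    printf '#include <string.h>\nint main(void) { return 0; }\n' |
        $CC ${CFLAGS:--O2 -g} -Werror "$1" -c -x c - -o /dev/null >/dev/null 2>&1
}

# ld_supports FLAG: relro/now are linker options, so a compile-only probe
# would never see them; link a real (temporary) binary instead.
ld_supports() {
    tmp=$(mktemp) || return 1
    printf 'int main(void) { return 0; }\n' |
        $CC ${CFLAGS:--O2 -g} -Werror "$1" -x c - -o "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return $rc
}

# hardening_cflags yes|no: print the CFLAGS to use. "no" is --disable-hardening:
# fall back to the system default CFLAGS, which may well be hardened already.
hardening_cflags() {
    base=${CFLAGS:--O2 -g}
    [ "${1:-yes}" = no ] && { printf '%s\n' "$base"; return 0; }
    flags=$base
    # Prefer -strong (GCC 4.9+); fall back to the heavier -all where only
    # that is available, as the commit message describes.
    if cc_supports -fstack-protector-strong; then
        flags="$flags -fstack-protector-strong"
    elif cc_supports -fstack-protector-all; then
        flags="$flags -fstack-protector-all"
    fi
    cc_supports -D_FORTIFY_SOURCE=2 && flags="$flags -D_FORTIFY_SOURCE=2"
    cc_supports -fno-strict-overflow && flags="$flags -fno-strict-overflow"
    printf '%s\n' "$flags"
}

# hardening_ldflags yes|no: read-only relocations; -z now on top of -z relro
# gives full RELRO (GOT made read-only after eager binding).
hardening_ldflags() {
    base=${LDFLAGS:-}
    [ "${1:-yes}" = no ] && { printf '%s\n' "$base"; return 0; }
    flags=$base
    ld_supports -Wl,-z,relro && flags="$flags -Wl,-z,relro"
    ld_supports -Wl,-z,now && flags="$flags -Wl,-z,now"
    printf '%s\n' "${flags# }"
}

# Usage: CC=gcc sh hardening.sh [yes|no]
printf 'CFLAGS=%s\nLDFLAGS=%s\n' "$(hardening_cflags "$1")" "$(hardening_ldflags "$1")"
```

Because every probe goes through `$CC`, the same script can be checked against a stand-in compiler: point `CC` at a shell function that rejects `-fstack-protector-strong` and the output falls back to `-fstack-protector-all`, exactly the pre-4.9 path the commit message anticipates.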