Commit 5335a8e6 authored by David Goulet's avatar David Goulet 🐼

Rename --enable-expensive-hardening configure option



It is renamed to --enable-fragile-hardening.

TROVE-2017-001 was triggerable only with the expensive hardening enabled,
because that hardening makes the tor daemon abort when the issue is detected.
Thus, the option puts tor more at risk of remote crashes but makes it safer
against RCE or Heartbleed-category bugs.

Fixes #21290.

Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent f1530d0e

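--- a/changes/bug21290
+++ b/changes/bug21290
@@ -0,0 +1,7 @@
+  o Minor bugfixes (configure, autoconf):
+    - Rename the configure option --enable-expensive-hardening to
+      --enable-fragile-hardening. TROVE-2017-001 was triggerable only through
+      the expensive hardening which is making the tor daemon abort when the
+      issue is detected. Thus, it makes tor more at risk of remote crashes but
+      safer against RCE or heartbleed bug category. Fixes bug 21290; bugfix on
+      tor-0.2.5.4-alpha.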
+25 −4
@@ -145,8 +145,14 @@ dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))

dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
AC_ARG_ENABLE(expensive-hardening,
    AS_HELP_STRING(--enable-expensive-hardening, [enable more expensive compiler hardening; makes Tor slower]))
    AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
AC_ARG_ENABLE(fragile-hardening,
    AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
  fragile_hardening="yes"
fi

dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
@@ -772,14 +778,14 @@ m4_ifdef([AS_VAR_IF],[
    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
fi

if test "x$enable_expensive_hardening" = "xyes"; then
if test "$fragile_hardening" = "yes"; then
    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
   if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
   fi

   if test "$tor_cv_cflags__ftrapv" != "yes"; then
     AC_MSG_ERROR([You requested expensive hardening, but the compiler does not seem to support -ftrapv.])
     AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
   fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
@@ -861,7 +867,7 @@ saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
F_OMIT_FRAME_POINTER=''
if test "$saved_CFLAGS" != "$CFLAGS"; then
  if test "x$enable_expensive_hardening" != "xyes"; then
  if test "$fragile_hardening" = "yes"; then
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
fi
@@ -1960,4 +1966,19 @@ if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
  done
fi

if test "$fragile_hardening" = "yes"; then
  AC_MSG_WARN([

============
Warning!  Building Tor with --enable-fragile-hardening (also known as
--enable-expensive-hardening) makes some kinds of attacks harder, but makes
other kinds of attacks easier. A Tor instance build with this option will be
somewhat less vulnerable to remote code execution, arithmetic overflow, or
out-of-bounds read/writes... but at the cost of becoming more vulnerable to
denial of service attacks. For more information, see
https://trac.torproject.org/projects/tor/wiki/doc/TorFragileHardening
============
  ])
fi

AC_OUTPUT
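Review bot: The rewritten test in the `-fomit-frame-pointer` hunk (`@@ -861,7 +867,7 @@`) appears to invert the original condition: the old line enabled `F_OMIT_FRAME_POINTER` when expensive hardening was *not* requested (`!= "xyes"`), while the line using `fragile_hardening` enables it only when hardening *is* requested. As written, ordinary builds would lose `-fomit-frame-pointer` and the sanitizer builds would gain it, which degrades the stack traces those builds exist to produce; the line should read `if test "$fragile_hardening" != "yes"; then`. Separately, `fragile_hardening` is only ever assigned `"yes"` and never initialised, so a value inherited from the environment of `configure` would be honoured; adding `fragile_hardening="no"` before the `if test "x$enable_expensive_hardening" = "xyes" || ...` check closes that. The final warning text also has a typo, "A Tor instance build with" should be "built with".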