Hi All,
I fetched the latest boinc with git, and encountered a few issues
during compiling and linking. I wanted to pass them along with the
minimal fixes I came up with in case the project is interested in
providing a more permanent solution.
For completeness, I configured with:
./configure --disable-server --enable-client CXXFLAGS="-Os "
--with-ssl="/usr/local/ssl/linux-x86"
There are also a number of compiler warnings still present. I think
its good the project is using the compiler's warning system to
identify potential issues, and I hope the development team will
continue to use them.
In addition, there are some additional options and flags that present
hardening opportunities on a GNU system. I had to add some of them by
hand (and some were already present). Its important to take advantage
of the security offered by the platform because a bad guy only has to
be lucky once.
-Wall, -Wextra
-Wconversion (careful, you need to separate the wheat from the chaff)
-Wformat=2 -Wformat-security
-fstrict-overflow
-Wstrict-overflow=3
-fstrict-aliasing
-Wstrict-aliasing
-fstack-protector-all (stack canaries)
-Wl,-z,relro, -Wl,-z,now (GOT and PLT attacks)
-Wl,-z,noexecstack, -Wl,-z,noexecheap (NX FTW!)
-fPIE and -pie (ASLR on executables)
I've also found the following helps reduce spurious noise due to C++
interface programming:
-Wno-unused-parameter
-Wno-type-limits
Jeff
================================================================================
INSTALL states (I still read them):
To build the BOINC client software:
./_autosetup
./configure --disable_server
Fix: that should be --disable-server
================================================================================
CXX libboinc_crypt_la-crypt.lo
crypt.cpp:38:25: fatal error: openssl/ssl.h: No such file or directory
compilation terminated.
make[2]: *** [libboinc_crypt_la-crypt.lo] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2
Fix: add $(SSL_CFLAGS) to the libboinc_crypt_la-crypt.lo target's rule. I.e:
... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...
================================================================================
CXX boinc_client-acct_mgr.o
In file included from acct_mgr.cpp:27:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-acct_mgr.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2
Fix: add $(SSL_CFLAGS) to the boinc_client-acct_mgr.o target's rule. I.e:
... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...
================================================================================
CXX boinc_client-cs_files.o
In file included from cs_files.cpp:34:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-cs_files.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2
Fix: add $(SSL_CFLAGS) to the boinc_client-cs_files.o target's rule. I.e:
... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...
================================================================================
CXX boinc_client-cs_scheduler.o
In file included from cs_scheduler.cpp:37:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-cs_scheduler.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2
Fix: add $(SSL_CFLAGS) to the boinc_client-cs_scheduler.o target's rule. I.e:
... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...
================================================================================
CXXLD boinc_client
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[2]: *** [boinc_client] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2
Fix 1: SSL_LIBS: change -L/usr/local/ssl/linux-x86 to
-L/usr/local/ssl/linux-x86/lib (note the missing lib/)
Fix 2: add $(SSL_LIBS) to the following target's rules:
* boinc_client$(EXEEXT)
* boinccmd$(EXEEXT)
* switcher$(EXEEXT)
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.