Hi All,

I fetched the latest boinc with git, and encountered a few issues
during compiling and linking. I wanted to pass them along with the
minimal fixes I came up with in case the project is interested in
providing a more permanent solution.

For completeness, I configured with:

  ./configure --disable-server --enable-client CXXFLAGS="-Os "
--with-ssl="/usr/local/ssl/linux-x86"

There are also a number of compiler warnings still present. I think
its good the project is using the compiler's warning system to
identify potential issues, and I hope the development team will
continue to use them.

In addition, there are some additional options and flags that present
hardening opportunities on a GNU system. I had to add some of them by
hand (and some were already present). Its important to take advantage
of the security offered by the platform because a bad guy only has to
be lucky once.

  -Wall, -Wextra
  -Wconversion (careful, you need to separate the wheat from the chaff)
  -Wformat=2 -Wformat-security
  -fstrict-overflow
  -Wstrict-overflow=3
  -fstrict-aliasing
  -Wstrict-aliasing
  -fstack-protector-all (stack canaries)
  -Wl,-z,relro, -Wl,-z,now (GOT and PLT attacks)
  -Wl,-z,noexecstack, -Wl,-z,noexecheap (NX FTW!)
  -fPIE and -pie (ASLR on executables)

I've also found the following helps reduce spurious noise due to C++
interface programming:

-Wno-unused-parameter
-Wno-type-limits

Jeff

================================================================================

INSTALL states (I still read them):

To build the BOINC client software:
    ./_autosetup
    ./configure --disable_server

Fix: that should be --disable-server

================================================================================

  CXX    libboinc_crypt_la-crypt.lo
crypt.cpp:38:25: fatal error: openssl/ssl.h: No such file or directory
compilation terminated.
make[2]: *** [libboinc_crypt_la-crypt.lo] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2

Fix: add $(SSL_CFLAGS) to the libboinc_crypt_la-crypt.lo target's rule. I.e:

  ... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...

================================================================================

  CXX    boinc_client-acct_mgr.o
In file included from acct_mgr.cpp:27:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-acct_mgr.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2

Fix: add $(SSL_CFLAGS) to the boinc_client-acct_mgr.o target's rule. I.e:

  ... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...

================================================================================

  CXX    boinc_client-cs_files.o
In file included from cs_files.cpp:34:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-cs_files.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2


Fix: add $(SSL_CFLAGS) to the boinc_client-cs_files.o target's rule. I.e:

  ... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...

================================================================================

  CXX    boinc_client-cs_scheduler.o
In file included from cs_scheduler.cpp:37:0:
../lib/crypt.h:27:25: fatal error: openssl/rsa.h: No such file or directory
compilation terminated.
make[2]: *** [boinc_client-cs_scheduler.o] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2

Fix: add $(SSL_CFLAGS) to the boinc_client-cs_scheduler.o target's rule. I.e:

  ... $(AM_CXXFLAGS) $(CXXFLAGS) $(SSL_CXXFLAGS) -MT...

================================================================================

  CXXLD  boinc_client
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[2]: *** [boinc_client] Error 1
make[2]: Leaving directory `/home/jeffrey/Desktop/boinc/client'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/jeffrey/Desktop/boinc'
make: *** [all] Error 2

Fix 1: SSL_LIBS: change -L/usr/local/ssl/linux-x86 to
-L/usr/local/ssl/linux-x86/lib (note the missing lib/)

Fix 2: add $(SSL_LIBS) to the following target's rules:

  * boinc_client$(EXEEXT)
  * boinccmd$(EXEEXT)
  * switcher$(EXEEXT)
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.

Reply via email to