[jira] [Updated] (TS-3938) Add hardening (fortify) as an option to configure

[Leif Hedstrom (JIRA)]

     [ 
https://issues.apache.org/jira/browse/TS-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Leif Hedstrom updated TS-3938:
------------------------------
    Description: 
It might be useful to add an option, e.g. --with-hardening, such that we can 
build with various hardening compiler options. For example. I've used

{code}
CC="/opt/gcc5/bin/gcc"; export CC
CXX="/opt/gcc5/bin/g++"; export CXX
CFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CFLAGS
CXXFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CXXFLAGS
CPPFLAGS="-D_FORTIFY_SOURCE=2"; export CPPFLAGS
LDFLAGS="-Wl,-z,relro -Wl,-z,now"; export LDFLAGS
"./configure" \
"--enable-experimental-plugins" \
"--prefix=/opt/ats" \
"CC=/opt/gcc5/bin/gcc" \
"CXX=/opt/gcc5/bin/g++" \
"CFLAGS=-fstack-protector -fno-omit-frame-pointer" \
"CXXFLAGS=-fstack-protector -fno-omit-frame-pointer" \
"CPPFLAGS=-D_FORTIFY_SOURCE=2" \
"LDFLAGS=-Wl,-z,relro -Wl,-z,now" \
"$@"
{code}

  was:
It might be useful to add an option, e.g. --with-hardening, such that we can 
build with various hardening compiler options. For example. I've used

{code]
CC="/opt/gcc5/bin/gcc"; export CC
CXX="/opt/gcc5/bin/g++"; export CXX
CFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CFLAGS
CXXFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CXXFLAGS
CPPFLAGS="-D_FORTIFY_SOURCE=2"; export CPPFLAGS
LDFLAGS="-Wl,-z,relro -Wl,-z,now"; export LDFLAGS
"./configure" \
"--enable-experimental-plugins" \
"--prefix=/opt/ats" \
"CC=/opt/gcc5/bin/gcc" \
"CXX=/opt/gcc5/bin/g++" \
"CFLAGS=-fstack-protector -fno-omit-frame-pointer" \
"CXXFLAGS=-fstack-protector -fno-omit-frame-pointer" \
"CPPFLAGS=-D_FORTIFY_SOURCE=2" \
"LDFLAGS=-Wl,-z,relro -Wl,-z,now" \
"$@"
{code}


> Add hardening (fortify) as an option to configure
> -------------------------------------------------
>
>                 Key: TS-3938
>                 URL: https://issues.apache.org/jira/browse/TS-3938
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: Build
>            Reporter: Leif Hedstrom
>              Labels: newbie
>             Fix For: 6.1.0
>
>
> It might be useful to add an option, e.g. --with-hardening, such that we can 
> build with various hardening compiler options. For example. I've used
> {code}
> CC="/opt/gcc5/bin/gcc"; export CC
> CXX="/opt/gcc5/bin/g++"; export CXX
> CFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CFLAGS
> CXXFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CXXFLAGS
> CPPFLAGS="-D_FORTIFY_SOURCE=2"; export CPPFLAGS
> LDFLAGS="-Wl,-z,relro -Wl,-z,now"; export LDFLAGS
> "./configure" \
> "--enable-experimental-plugins" \
> "--prefix=/opt/ats" \
> "CC=/opt/gcc5/bin/gcc" \
> "CXX=/opt/gcc5/bin/g++" \
> "CFLAGS=-fstack-protector -fno-omit-frame-pointer" \
> "CXXFLAGS=-fstack-protector -fno-omit-frame-pointer" \
> "CPPFLAGS=-D_FORTIFY_SOURCE=2" \
> "LDFLAGS=-Wl,-z,relro -Wl,-z,now" \
> "$@"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)