[jira] [Commented] (TS-3938) Add hardening (fortify) as an option to configure

Bryan Call (JIRA) Tue, 23 Feb 2016 15:52:32 -0800

    [ 
https://issues.apache.org/jira/browse/TS-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159897#comment-15159897
 ]


Bryan Call commented on TS-3938:
--------------------------------

Without hardening on in the build:
{code}
[bcall@homer trafficserver]$ size --format=sysv /usr/local/bin/traffic_server
/usr/local/bin/traffic_server  :
section                  size       addr
.interp                    28    4194928
.note.ABI-tag              32    4194956
.note.gnu.build-id         36    4194988
.gnu.hash               55772    4195024
.dynsym                203616    4250800
.dynstr                280403    4454416
.gnu.version            16968    4734820
.gnu.version_r            496    4751792
.rela.dyn                1032    4752288
.rela.plt               16968    4753320
.init                      26    4770288
.plt                    11328    4770320
.text                 3374850    4781648
.fini                       9    8156500
.rodata                435024    8156512
.eh_frame_hdr           52572    8591536
.eh_frame              379548    8644112
.gcc_except_table       37049    9023660
.tbss                      32   11160032
.init_array              1128   11160032
.fini_array                 8   11161160
.jcr                        8   11161168
.data.rel.ro            48736   11161184
.dynamic                  752   11209920
.got                       56   11210672
.got.plt                 5680   11210752
.data                   16032   11216448
.bss                  6154304   11232480
.comment                   57          0
.debug_aranges         127232          0
.debug_info          24763121          0
.debug_abbrev          905612          0
.debug_line           2349758          0
.debug_frame               96          0
.debug_str            1098732          0
.debug_loc           16705696          0
.debug_ranges         6131856          0
Total                63174653
{code}

> Add hardening (fortify) as an option to configure
> -------------------------------------------------
>
>                 Key: TS-3938
>                 URL: https://issues.apache.org/jira/browse/TS-3938
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: Build
>            Reporter: Leif Hedstrom
>            Assignee: Bryan Call
>             Fix For: sometime
>
>
> It might be useful to add an option, e.g. --with-hardening, such that we can 
> build with various hardening compiler options. For example. I've used
> {code}
> CC="/opt/gcc5/bin/gcc"; export CC
> CXX="/opt/gcc5/bin/g++"; export CXX
> CFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CFLAGS
> CXXFLAGS="-fstack-protector -fno-omit-frame-pointer"; export CXXFLAGS
> CPPFLAGS="-D_FORTIFY_SOURCE=2"; export CPPFLAGS
> LDFLAGS="-Wl,-z,relro -Wl,-z,now"; export LDFLAGS
> "./configure" \
> "--enable-experimental-plugins" \
> "--prefix=/opt/ats" \
> "CC=/opt/gcc5/bin/gcc" \
> "CXX=/opt/gcc5/bin/g++" \
> "CFLAGS=-fstack-protector -fno-omit-frame-pointer" \
> "CXXFLAGS=-fstack-protector -fno-omit-frame-pointer" \
> "CPPFLAGS=-D_FORTIFY_SOURCE=2" \
> "LDFLAGS=-Wl,-z,relro -Wl,-z,now" \
> "$@"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (TS-3938) Add hardening (fortify) as an option to configure

Reply via email to