# effect of tor-hardening use flag with hardened gcc

## jchau

I noticed recently that the tor-hardening use flag has been added for net-misc/tor.  It is described as "Compile tor with hardening on vanilla compilers/linkers".  

Does this mean that the tor-hardening use flag will have no effect if I'm using the hardened profile?  Or is there any additional benefit to enabling the tor-hardening use flag for tor?

From https://lists.torproject.org/pipermail/tor-dev/2010-May/001948.html and http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml it seems like they enable the same features (I assume that the hardened toolchain enables NX), but I'm not sure if I missed anything.

----------

## Sadako

From the changelog:

```
    - New "--enable-gcc-hardening" ./configure flag (off by default)
      to turn on gcc compile time hardening options. It ensures
      that signed ints have defined behavior (-fwrapv), enables
      -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
      with canaries (-fstack-protector-all), turns on ASLR protection if
      supported by the kernel (-fPIE, -pie), and adds additional security
      related warnings. Verified to work on Mac OS X and Debian Lenny.
    - New "--enable-linker-hardening" ./configure flag (off by default)
      to turn on ELF specific hardening features (relro, now). This does
      not work with Mac OS X or any other non-ELF binary format.
    - Enable protection of small arrays whenever we build with gcc
      hardening features, not only when also building with warnings
      enabled. Fixes bug 2031; bugfix on 0.2.2.14-alpha. Reported by keb.
```

Most of the above would be enabled by default with a hardened toolchain, if not all.

I was curious about this too, and I have tor running after being built with the tor-hardening USE flag with no ill effects AFAICT.

----------
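Added example, not part of either post and not code from tor or Gentoo: one way to see which of the changelog's hardening features ended up in a built binary, so a build with the USE flag can be compared against one without it. The function names and the sample `readelf` lines are constructed for illustration, and the symbol-based checks (canary, FORTIFY) are heuristics that only fire when the binary imports the corresponding glibc symbols.

```shell
#!/bin/sh
# Added example: map `readelf` output to the features named in the changelog.

# Reads `readelf -W -h -l -d -s` text on stdin, prints one line per feature.
classify_hardening() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eq "$1"; }
    report() { if has "$2"; then echo "$1=yes"; else echo "$1=no"; fi; }
    report pie      'Type:[[:space:]]+DYN'              # -fPIE -pie
    report relro    'GNU_RELRO'                         # -z relro
    report bind_now 'BIND_NOW|FLAGS_1.*NOW'             # -z now
    report canary   '__stack_chk_fail'                  # -fstack-protector-all
    report fortify  '__[a-z0-9_]+_chk(@|[[:space:]]|$)' # -D_FORTIFY_SOURCE=2
}

# Run readelf on a real executable (path supplied by the caller).
check_binary() { readelf -W -h -l -d -s "$1" | classify_hardening; }

# Constructed sample: fully hardened executable.
sample_hardened() {
cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x1f0d90 0x00000000003f0d90 0x00000000003f0d90 0x00f270 0x00f270 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
    13: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}

# Constructed sample: canary and partial RELRO only (no PIE, no BIND_NOW, no FORTIFY).
sample_partial() {
cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x1f0d90 0x00000000005f0d90 0x00000000005f0d90 0x000270 0x000270 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
    13: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (4)
EOF
}

# With a path argument, inspect that file; otherwise show the constructed sample.
if [ $# -gt 0 ]; then check_binary "$1"; else sample_hardened | classify_hardening; fi
```

Run it against the installed tor executable after each build; identical output with and without the flag means the toolchain defaults already cover these features.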

