Current operating systems support a variety of features to frustrate memory corruption attacks. Some of these features need to be enabled at build time.
As security-sensitive network software, Mosh should be aggressive about using these features when available. Though this is often handled by distributions, it's not unheard of for upstream developers to enable hardening. Tor already has --enable-gcc-hardening and is considering making it the default. There's a similar patch in the Pidgin bugtracker.
I think Mosh should enable these features by default, with a configure flag to disable. We'll need to write Autoconf tests to determine which features are supported by the platform and compiler. I have tested that Mosh built with all of the above features runs fine on Debian.
(Apparently GitHub doesn't let non-admins take an issue, but feel free to assign this one to me.)
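As an added illustration of the Autoconf-style probing the issue calls for (this is not code from the Mosh repository or from the branch discussed in the thread), the script below tries each candidate hardening flag against the C++ toolchain by compiling and linking a trivial program, and keeps only the flags the toolchain accepts. The candidate list is my own assumption of a typical GCC/Clang hardening set; the file name `hardening-probe.sh` and the `--report` switch are likewise assumptions.

```shell
#!/bin/sh
# Added example, not code from the Mosh repository or its hardening branch.
# Probes which hardening flags the C++ toolchain accepts, the job the
# Autoconf tests proposed in the issue would do. The candidate set is an
# assumed "typical" GCC/Clang hardening set, not a list from the issue.

: "${CXX:=c++}"          # compiler under test; override with CXX=clang++ etc.

# Compile AND link a trivial program with one candidate flag (linking matters
# because -pie and -Wl,-z,* are only seen by the linker). -Werror turns
# "unrecognized option" warnings into a failure, so an unsupported flag is not
# silently accepted. Returns 0 if the toolchain accepts the flag, 1 otherwise.
hardening_flag_supported() {
    flag=$1
    tmpdir=$(mktemp -d 2>/dev/null) || return 1
    printf 'int main() { return 0; }\n' > "$tmpdir/conftest.cpp"
    # $flag is deliberately unquoted so "-fPIE -pie" splits into two arguments.
    if "$CXX" -Werror $flag "$tmpdir/conftest.cpp" -o "$tmpdir/conftest" \
            >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmpdir"
    return $rc
}

# Assumed candidate set, one probe per line. Flags that only make sense as a
# pair (-fPIE with -pie, _FORTIFY_SOURCE with optimisation) share a line so
# they are accepted or rejected together.
HARDENING_CANDIDATES='-fstack-protector-all
-D_FORTIFY_SOURCE=2 -O2
-fPIE -pie
-Wl,-z,relro
-Wl,-z,now
-Wformat -Wformat-security'

# Print the accepted subset, one per line: what a configure script would
# append to CXXFLAGS/LDFLAGS. An explicit newline-separated list may be
# passed as $1 to override the default candidates.
selected_hardening_flags() {
    candidates=${1-$HARDENING_CANDIDATES}
    printf '%s\n' "$candidates" | while IFS= read -r candidate; do
        [ -n "$candidate" ] || continue
        if hardening_flag_supported "$candidate"; then
            printf '%s\n' "$candidate"
        fi
    done
}

# Stand-alone use: per-flag yes/no report for the default candidate set.
if [ "${1-}" = "--report" ]; then
    printf 'Compiler: %s\n' "$CXX"
    printf '%s\n' "$HARDENING_CANDIDATES" | while IFS= read -r candidate; do
        [ -n "$candidate" ] || continue
        if hardening_flag_supported "$candidate"; then
            printf '  yes  %s\n' "$candidate"
        else
            printf '  no   %s\n' "$candidate"
        fi
    done
fi
```

Run it as `CXX=g++ sh hardening-probe.sh --report` (or with `CXX=clang++`) on each platform of interest; the "no" rows are exactly the flags a configure script must leave out on that toolchain, which is why each candidate is probed on its own rather than all at once.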
I can't assign it to you either, but consider it all yours! I'll take any set of flags you recommend, assuming it works on g++ and clang++ on Linux and Mac.
I have a branch for this now. It's not ready to merge yet, but it would be great if people could test it. So far I've only tried it on GNU/Linux with g++.
I benchmarked this on a 1.6 GHz Atom N270 running Debian i386 with GCC 4.4.5. Here's the user time to run benchmark with ITERATIONS = 10000, averaged over 16 runs:
Edit: These numbers get much better if I switch to Ubuntu 12.04 with GCC 4.6.3. Then it's only a 16% penalty for full hardening.
And a 3 GHz Phenom II X6 1075T, Debian amd64, GCC 4.6.3, ITERATIONS = 100000:
So on this platform, full hardening costs us only 2%.
Use the hardening flags