[Buildroot] [PATCH 1/1] package/sudo: disable use of stack protector when not available

Brendan Heading brendanheading at gmail.com
Tue Sep 15 18:49:13 UTC 2015


Fixes:
http://autobuild.buildroot.net/results/d93/d9390b929328e6253b883f000f6f09972df90f47/

sudo, by default, attempts to use the stack protector if configure detects
that it exists. The stack protector detection does not attempt to link
libssp, which can cause a false positive.

Instead, check if the stack protector is enabled in the buildroot
toolchain config, and pass --disable-hardening if it is not - similar to
psmisc and sox.

Signed-off-by: Brendan Heading <brendanheading at gmail.com>
---
 package/sudo/sudo.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index 4327c8a..b839ee4 100644
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -30,6 +30,11 @@ else
 SUDO_CONF_OPTS += --without-pam
 endif
 
+ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
+# Don't force -fstack-protector when SSP is not available in toolchain
+SUDO_CONF_OPTS += --disable-hardening
+endif
+
 # mksigname/mksiglist needs to run on build host to generate source files
 define SUDO_BUILD_MKSIGNAME_MKSIGLIST_HOST
 	$(MAKE) $(HOST_CONFIGURE_OPTS) \
-- 
2.4.3



More information about the buildroot mailing list