[Buildroot] [RFC 3/3] toolchain/toolchain-wrapper: add BR2_RELRO_FULL support
Matthew Weber
matthew.weber at rockwellcollins.com
Tue Aug 21 12:40:00 UTC 2018
Jan,
On Tue, Aug 21, 2018 at 2:53 AM Jan Kundrát <jan.kundrat at cesnet.cz> wrote:
>
> On Tuesday, 14 August 2018 6:26:43 CEST, Matt Weber wrote:
> > Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
> > ---
> > toolchain/toolchain-wrapper.c | 19 ++++++++++++++++++-
> > 1 file changed, 18 insertions(+), 1 deletion(-)
> >
> > diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c
> > index c5eb813..d36771c 100644
> > --- a/toolchain/toolchain-wrapper.c
> > +++ b/toolchain/toolchain-wrapper.c
> > @@ -49,8 +49,9 @@ static char _date_[sizeof("-D__DATE__=\"MMM DD YYYY\"")];
> > * -D__TIME__=
> > * -D__DATE__=
> > * -Wno-builtin-macro-redefined
> > + * -fPIE
>
> nit: this looks like a whitespace error (one too many spaces)
>
> > */
> > -#define EXCLUSIVE_ARGS 6
> > +#define EXCLUSIVE_ARGS 7
> >
> > static char *predef_args[] = {
> > #ifdef BR_CCACHE
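Review bot: The new `-fPIE` entry in the comment above EXCLUSIVE_ARGS does not say that the flag is only appended when BR2_RELRO_FULL is defined and no PIC/PIE option is already on the command line, while EXCLUSIVE_ARGS goes from 6 to 7 unconditionally. If EXCLUSIVE_ARGS is meant as a worst-case count that is fine, but annotate the entry, for example `-fPIE (BR2_RELRO_FULL only)`, so the next change to the count can see why it is 7.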
> > @@ -363,6 +364,22 @@ int main(int argc, char **argv)
> > *cur++ = "-Wno-builtin-macro-redefined";
> > }
> >
> > +#ifdef BR2_RELRO_FULL
> > + /* Combinations of PIE and pic */
> > + for (i = 1; i < argc; i++) {
> > + if (!strcmp(argv[i], "-r") ||
> > + !strcmp(argv[i], "-fpie") ||
> > + !strcmp(argv[i], "-fPIE") ||
> > + !strcmp(argv[i], "-fpic") ||
> > + !strcmp(argv[i], "-fPIC") ||
> > + !strcmp(argv[i], "-fno-pic"))
> > + break;
> > + }
> > +
> > + if (i == argc)
> > + *cur++ = "-fPIE";
> > +#endif
> > +
> > paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
> > if (paranoid_wrapper && strlen(paranoid_wrapper) > 0)
> > paranoid = 1;
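Review bot: The strcmp chain in the BR2_RELRO_FULL block treats `-fno-pic` as an explicit choice but not `-fno-pie`, `-fno-PIE` or `-fno-PIC`, so a caller passing one of those still gets `-fPIE` appended by the wrapper. Add the missing spellings to the chain, and expand the `/* Combinations of PIE and pic */` comment to say why `-r` is in the list and that the default is only added when the caller has expressed no preference. This block also adds only the compile-side `-fPIE`; nothing in the hunk adds `-pie` or the relro linker options, so the commit message (currently just the Signed-off-by) should say where those come from.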
>
> I needed some more patches to build with the following hardening settings:
>
> BR2_SSP_STRONG=y
> BR2_RELRO_FULL=y
> BR2_FORTIFY_SOURCE_2=y
>
> - https://patchwork.ozlabs.org/patch/865166/
> - https://patchwork.ozlabs.org/patch/865168/ (this one needs changes so that
> it touches packages/libzlib/ now)
>
> Then my build failed when building util-linux, see the attached log.
Thanks for the feedback. Sorry this topic has some loose ends at this
point with a couple un-applied patches and this RFC.
I'll send out a full patchset this week once I get past some
external/internal toolchain symlink issues with *.br_real.
If you wouldn't mind sharing your defconfig, I'll give it a test
before I send out the next series.
Matt