[Buildroot] [PATCH 0/6] Hardening Flag Bugfix/Enhancement
Matthew Weber
matthew.weber at rockwellcollins.com
Thu Jul 12 11:44:42 UTC 2018
All,
On Wed, Jul 11, 2018 at 9:31 AM, Matt Weber
<matthew.weber at rockwellcollins.com> wrote:
> This series pulls together a few pending patches required for hardening
> flag bug-fixes. Additionally a tool is added with Buildroot test cases
> to validate that the hardening options are working correctly.
I forgot to mention the goal of this series is to fix and complete
testing of the existing approach. I do like the concept of changing
to the wrapper and evaluating if we can use GCC spec files, however, I
was hoping we could establish a working baseline first. Then propose
changes to possibly use a more elegant approach.
>
> Stefan Søena
> http://patchwork.ozlabs.org/patch/904057/ (Bugfix)
> http://patchwork.ozlabs.org/patch/904034/ (Bugfix)
>
>
> Matt Weber (Both have been marked as superseded)
> http://patchwork.ozlabs.org/patch/907093/ (Bugfix)
> http://patchwork.ozlabs.org/patch/932853/ (New checksec tool)
>
> A unrelated patch was also included which adds proxy env support for the runtests script.
>
> Matt Weber (2):
> support/testing: runtest proxy support
> support/testing/tests/core: SSP & hardening flags
>
> Paresh Chaudhary (1):
> package/checksec: new package
>
> Stefan Sørensen (3):
> package/Makefile.in: Do not use CPPFLAGS for hardening options
> package/Makefile.in: Add missing options to LDFLAGS for full RELRO
> build
> package/Makefile.in: Use gcc spec files for PIE build flags
>
> package/Config.in.host | 1 +
> package/Makefile.in | 18 +--
> ...cksec-Fixed-issue-with-relative-path.patch | 43 ++++++++
> package/checksec/Config.in.host | 16 +++
> package/checksec/checksec.hash | 3 +
> package/checksec/checksec.mk | 16 +++
> support/testing/infra/builder.py | 6 +
> support/testing/tests/core/test_hardening.py | 104 ++++++++++++++++++
> toolchain/gcc-specs-pie-cc1 | 2 +
> toolchain/gcc-specs-pie-ld | 2 +
> 10 files changed, 202 insertions(+), 9 deletions(-)
> create mode 100644 package/checksec/0001-checksec-Fixed-issue-with-relative-path.patch
> create mode 100644 package/checksec/Config.in.host
> create mode 100644 package/checksec/checksec.hash
> create mode 100644 package/checksec/checksec.mk
> create mode 100644 support/testing/tests/core/test_hardening.py
> create mode 100644 toolchain/gcc-specs-pie-cc1
> create mode 100644 toolchain/gcc-specs-pie-ld
>
> --
> 2.17.0
>
--
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / RC Linux Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com
Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.
More information about the buildroot
mailing list