From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [RFC PATCH] toolchain-external: instrument wrapper to warn about unsafe paths
Date: Tue, 11 Feb 2014 01:33:27 +0100 [thread overview]
Message-ID: <20140211003326.GH5239@free.fr> (raw)
In-Reply-To: <1392074881-12508-1-git-send-email-thomas.petazzoni@free-electrons.com>
Thomas, All,
On 2014-02-11 00:28 +0100, Thomas Petazzoni spake thusly:
> The CodeSourcery toolchains have a very interesting feature: they warn
> the user when an unsafe header or library path is used, i.e a path
> that will lead host headers or libraries to leak into the build.
>
> This commit adds a similar functionality into our external toolchain
> wrapper, so that it can be used with all external toolchains, and can
> also be tuned as needed. By default, the external toolchain wrapper
> now gives warnings such as:
>
> WARNING: unsafe header/library path used in cross-compilation: '-I /usr/foo'
> WARNING: unsafe header/library path used in cross-compilation: '-L /usr/bleh'
>
> but the compilation continues successfully. One can then easily grep
> in his build log to search for occurences of this message.
>
> Optionally, if BR_PARANOID_WRAPPER is defined in the environment, the
> external wrapper will instead error out and abort the compilation. We
> could then one day imagine setting this BR_PARANOID_WRAPPER in the
> autobuilders.
I think I'd prefer we do as for BR_DEBUG_WRAPPER:
BR2_PARANOID_WRAPPER undefined or empty: nothing
BR2_PARANOID_WRAPPER=WARNING : warning
BR2_PARANOID_WRAPPER=ERROR : error out
(or use numbers if you prefer)
Side-note: BR_DEBUG_WRAPPER should probably be renamed to
BR2_DEBUG_WRAPPER, to follow the newly-stated naming scheme, no?
> A similar change could be made to the internal toolchain backend
> either by making it use a wrapper like the external toolchain one, or
> by adding some patches to gcc, by borrowing the changes made by the
> CodeSourcery people.
Maybe it would be best to not duplicate this, and always use the
wrapper, even for the internal backend?
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
> .../toolchain-external/ext-toolchain-wrapper.c | 27 ++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/toolchain/toolchain-external/ext-toolchain-wrapper.c b/toolchain/toolchain-external/ext-toolchain-wrapper.c
> index 81c6ed1..c8dcad5 100644
> --- a/toolchain/toolchain-external/ext-toolchain-wrapper.c
> +++ b/toolchain/toolchain-external/ext-toolchain-wrapper.c
> @@ -77,6 +77,7 @@ int main(int argc, char **argv)
> char *progpath = argv[0];
> char *basename;
> char *env_debug;
> + char *paranoid_wrapper;
> int ret, i, count = 0, debug;
>
> /* Calculate the relative paths */
> @@ -178,6 +179,32 @@ int main(int argc, char **argv)
> }
> #endif /* ARCH || TUNE || CPU */
>
> + paranoid_wrapper = getenv("BR_PARANOID_WRAPPER");
> +
> + /* Check for unsafe library and header paths */
> + for (i = 1; i < argc; i++) {
> + if (!strncmp(argv[i], "-I/usr", strlen("-I/usr")) ||
> + !strncmp(argv[i], "-L/usr", strlen("-L/usr"))) {
No need for strncmp: you're comparing to a constant, so it will not
overflow.
Also, using strlen on an argument of strncmp is flawed to begin with.
For strncmp(a, b, strlen(b)) :
- if 'b' is a constant, there's no need for strncmp to begin with
- if 'b' is a user-supplied value, strlen will happily go west, and
will not protect strncmp anyway.
> + fprintf(stderr, "%s: unsafe header/library path used in cross-compilation: '%s'\n",
> + paranoid_wrapper ? "ERROR" : "WARNING", argv[i]);
> + if (paranoid_wrapper)
> + exit(1);
> + continue;
> + }
> +
> + if (!strcmp(argv[i], "-L") || !strcmp(argv[i], "-I")) {
And here you're using strcmp.
> + if (i == argc)
> + continue;
> + if (!strncmp(argv[i+1], "/usr", strlen("/usr"))) {
Ditto strncmp.
> + fprintf(stderr, "%s: unsafe header/library path used in cross-compilation: '%s %s'\n",
> + paranoid_wrapper ? "ERROR" : "WARNING", argv[i], argv[i + 1]);
> + if (paranoid_wrapper)
> + exit(1);
> + continue;
> + }
> + }
> + }
> +
> /* append forward args */
> memcpy(cur, &argv[1], sizeof(char *) * (argc - 1));
> cur += argc - 1;
Otherwise, I like the idea pretty much! :-)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2014-02-11 0:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-10 23:28 [Buildroot] [RFC PATCH] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
2014-02-11 0:33 ` Yann E. MORIN [this message]
2014-02-11 8:18 ` Thomas Petazzoni
2014-02-11 17:53 ` Yann E. MORIN
2014-02-11 6:21 ` Baruch Siach
2014-02-11 8:24 ` Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140211003326.GH5239@free.fr \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.