From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 5/6] package/checksec: new package
Date: Sat, 11 Aug 2018 12:30:49 +0200 [thread overview]
Message-ID: <20180811123049.16cac0d3@windsurf> (raw)
In-Reply-To: <CANQCQpY2V8pnzkro2-Y4DnDXFTC0DnwsD8JX6f1xpj_YxbhajA@mail.gmail.com>
Hello Matt,
On Fri, 10 Aug 2018 19:57:06 -0500, Matthew Weber wrote:
> > When I look at this and the comment from the maintainer at [0], I am
> > not sure about the usefulness of such a tool in the context of
> > Buildroot. Chrooting into the target filesystem is generally not
> > possible, because the target architecture is different than the build
> > system architecture. To me, this limitation makes the tool essentially
> > useless in the context of Buildroot. Could you comment on this a bit
> > more ?
>
> The tool tests a lot of items related to hardening and we were
> originally trying to get the full set working. In reality we only
> needed the core items that show us ASLR related items. The tool is
> made up of scripts and uses readelf for the ASLR piece. Thus it works
> fine for a host (offline)target filesystem check of executable ALSR
> requirements. However, I can add a note stating what doesn't work
> correctly. There are test cases it has that use live proc information
> and the system libraries, etc.
Yes, something more specific than the vague explanation in the proposed
Config.in help text would be good.
> > Also, the formulation "requires discretion of which the test may not
> > report consistently vs chroot/on-target" doesn't make any sense to me.
>
> I can make a list do this is definitive.
OK, good.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2018-08-11 10:30 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-11 14:31 [Buildroot] [PATCH 0/6] Hardening Flag Bugfix/Enhancement Matt Weber
2018-07-11 14:31 ` [Buildroot] [PATCH 1/6] package/Makefile.in: Do not use CPPFLAGS for hardening options Matt Weber
2018-07-11 21:14 ` Arnout Vandecappelle
2018-08-10 20:31 ` Thomas Petazzoni
2018-07-11 14:31 ` [Buildroot] [PATCH 2/6] package/Makefile.in: Add missing options to LDFLAGS for full RELRO build Matt Weber
2018-07-11 21:26 ` Arnout Vandecappelle
2018-08-10 20:33 ` Thomas Petazzoni
2018-07-11 14:31 ` [Buildroot] [PATCH 3/6] package/Makefile.in: Use gcc spec files for PIE build flags Matt Weber
2018-07-11 21:44 ` Arnout Vandecappelle
2018-07-11 23:17 ` Matthew Weber
2018-07-13 9:39 ` Arnout Vandecappelle
2018-07-13 12:31 ` Matthew Weber
2018-07-19 9:49 ` Sørensen, Stefan
2018-07-19 12:58 ` Matthew Weber
2018-07-19 13:10 ` Sørensen, Stefan
2018-08-07 17:02 ` Matthew Weber
2018-08-07 17:20 ` Matthew Weber
2018-08-08 7:24 ` Jan Kundrát
2018-08-08 8:35 ` Jan Kundrát
2018-08-08 11:38 ` Matthew Weber
2018-08-09 14:32 ` Matthew Weber
2018-08-28 20:07 ` Matthew Weber
2018-08-10 20:50 ` Thomas Petazzoni
2018-08-11 0:42 ` Matthew Weber
2018-08-11 10:29 ` Thomas Petazzoni
2018-08-12 3:55 ` Matthew Weber
2018-08-12 7:41 ` Thomas Petazzoni
2018-08-12 12:49 ` Matthew Weber
2018-08-12 15:07 ` Thomas Petazzoni
2018-08-12 21:20 ` Arnout Vandecappelle
2018-07-11 14:31 ` [Buildroot] [PATCH 4/6] support/testing: runtest proxy support Matt Weber
2018-07-11 21:47 ` Arnout Vandecappelle
2018-08-10 20:51 ` Thomas Petazzoni
2018-08-11 0:30 ` Matthew Weber
2018-08-11 1:03 ` Matthew Weber
2018-07-11 14:31 ` [Buildroot] [PATCH 5/6] package/checksec: new package Matt Weber
2018-08-10 20:58 ` Thomas Petazzoni
2018-08-11 0:57 ` Matthew Weber
2018-08-11 10:30 ` Thomas Petazzoni [this message]
2018-07-11 14:31 ` [Buildroot] [PATCH 6/6] support/testing/tests/core: SSP & hardening flags Matt Weber
2018-07-16 1:32 ` Ricardo Martincoski
2018-07-17 2:53 ` Matthew Weber
2018-07-17 3:05 ` Matthew Weber
2018-07-12 11:44 ` [Buildroot] [PATCH 0/6] Hardening Flag Bugfix/Enhancement Matthew Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180811123049.16cac0d3@windsurf \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.