Re: [Buildroot] [PATCH v1] package/ntpsec: fix Stack Smashing Protection detection

From: Peter Seiderer <ps.report@gmx.net>
To: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v1] package/ntpsec: fix Stack Smashing Protection detection
Date: Sat, 11 Feb 2023 18:55:47 +0100	[thread overview]
Message-ID: <20230211185547.59a1fa42@gmx.net> (raw)
In-Reply-To: <20230211164926.GI2796@scaer>

Hello Yann, *,

On Sat, 11 Feb 2023 17:49:26 +0100, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:

> Peter, All,
>
> On 2023-02-11 17:32 +0100, Peter Seiderer spake thusly:
> > Fix SSP missdetection (compiler supports '-fstack-protector-all' command
> > line argument but selected libc/toolchain does not support SSP,
> > e.g. i686-musl.
> >
> > Fixes:
> >
> >   - http://autobuild.buildroot.net/results/ded9ad5badbcfa6552443d3ce0866722becfefbd
> >
> >   [...]
> >   Checking if C compiler supports -fstack-protector-all : yes
> >   [...]
> >   Checking for type struct timex                                  : no
> >   The configuration failed
> >   (complete log in .../build/ntpsec-1_2_2/build/config.log)
> >
> >   And from build/ntpsec-1_2_2/build/config.log:
> >
> >   err: .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: test.c.1.o: in function `main':
> >   test.c:(.text.startup+0x2a): undefined reference to `__stack_chk_fail_local'
> >   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: .../build/ntpsec-1_2_2/build/.conf_check_01f3f794d5b6ffb7add7ce130581ae04/testbuild/main/testprog: hidden symbol `__stack_chk_fail_local' isn't defined
> >   .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: final link failed: bad value
> >   collect2: error: ld returned 1 exit status
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> > ---
> >  package/ntpsec/ntpsec.mk | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
> > index c7fa2f85a8..18a8353900 100644
> > --- a/package/ntpsec/ntpsec.mk
> > +++ b/package/ntpsec/ntpsec.mk
> > @@ -30,6 +30,15 @@ NTPSEC_DEPENDENCIES = \
> >  	libcap \
> >  	openssl
> >
> > +# prevent '-fstack-protector-all' compiler flag detection without
> > +# ssp support (e.g. i686-musl)
> > +ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
> > +define NTPSEC_FORCE_DISABLE_SSP
> > +	$(SED) s/fstack-protector-all/fstack-protector-all-disabled/g $(@D)/wscript
> > +endef
> > +endif
> > +NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP
>
> Assigning to hooks should be done in the conditional if-block, not
> outside.
>
> But in Buildroot, the SSP flags are automatically handled by the
> wrapper, so we should just unconditionally remove said flags as set by
> the package, like was done in 50cbac5099b1 (package/sysvinit: add patch
> to fix compile without stack-protector support) for example (and no,
> that commit was not chosen totally at random ;-) ).

Nice reference ;-), do you prefer the above sed hack unconditionally
(not sure if the wscript will add additional -lssp/-lssp_nonshared if
available) or a patch removing the whole -fstack-protector-all/-lssp/-lssp_nonshared
handling?

Regards,
Peter

>
> Regards,
> Yann E. MORIN.
>
> >  # CC="$(HOSTCC)" is strange but needed to build some host tools, the
> >  # cross-compiler will properly be used to build target code thanks to
> >  # --cross-compiler
> > --
> > 2.39.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot