From: Arnout Vandecappelle <arnout@mind.be>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 2/2] security hardening: add RELFO, FORTIFY options
Date: Tue, 7 Nov 2017 10:08:19 +0100
Message-ID: <00a38063-e166-6ba4-6927-b90285ce031e@mind.be>
In-Reply-To: <CANQCQpZekGq2j7d0KJ=gaJSKUe8YBHm-G8QLyTiMJmsdv7r02A@mail.gmail.com>

Matt, please snip away some text when replying to a long mail, otherwise it's
difficult to find your answer in the middle of the long quote.

On 07-11-17 04:25, Matthew Weber wrote:
> Arnout,
>
> On Mon, Nov 6, 2017 at 6:08 PM, Matthew Weber
> <matthew.weber@rockwellcollins.com> wrote:
>> Arnout,
>>
>> On Mon, Nov 6, 2017 at 3:14 PM, Arnout Vandecappelle <arnout@mind.be> wrote:
[snip]
>>> Do you know how these behave in uClibc and musl? Waldemar, any idea?
>>> Obviously
>>> the gcc part will still be activated, which covers about half of the
>>> functionality.
>>>
>>
>> Checking on the answer, but we ran through the complete test-pkg build list.
>> I'll see which were skipped. We didn't see specific failures.
>>
>
> The set of test packages I used ended up forcing a glibc only test-pkg
> build. I'll rerun with a basic busybox scenario.

It will build, that's for sure. My question is: will it actually do anything
useful? The effect of fortify is shared a bit between GCC and glibc. E.g.
'memset' has a GCC implementation (used when it can be inlined) and a glibc
implementation (used when it's too big or unpredictable). As far as I can see,
neither uClibc nor musl has support for FORTIFY. So only the GCC part will take
effect. But I think that that is so little that it's hardly worth it.

Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
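
The split described in the message above, between a compiler part and a C library part of fortify, sketched as an added example (not from the thread, Buildroot, GCC or glibc sources). `demo_memcpy_chk`, `DEMO_MEMCPY` and `copy_into_fixed` are hypothetical names; `demo_memcpy_chk` stands in for the runtime check that glibc provides as `__memcpy_chk`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Library half: a stand-in for glibc's __memcpy_chk(). It compares the copy
 * length with the destination size handed over by the compiler. It returns
 * -1 where glibc would abort, so the outcome can be inspected. */
static int demo_memcpy_chk(void *dst, const void *src, size_t n, size_t dstlen)
{
    if (dstlen != (size_t)-1 && n > dstlen)
        return -1;                 /* overflow caught at run time */
    memcpy(dst, src, n);           /* size unknown or copy fits */
    return 0;
}

/* Compiler half: __builtin_object_size() is evaluated by GCC or clang and
 * yields the bytes available in dst, or (size_t)-1 when it cannot tell. */
#define DEMO_MEMCPY(dst, src, n) \
    demo_memcpy_chk((dst), (src), (n), __builtin_object_size((dst), 0))

/* Destination is a local array, so the compiler knows its size (8). */
int copy_into_fixed(const char *src, size_t n)
{
    char buf[8];
    return DEMO_MEMCPY(buf, src, n);
}

int main(void)
{
    char big[32];
    /* Constructed sample inputs: a 4-byte and a 17-byte copy. */
    printf("fits:     %d\n", copy_into_fixed("abc", 4));
    printf("overflow: %d\n", copy_into_fixed("0123456789abcdef", 17));
    /* With size (size_t)-1 the library half has nothing to compare against. */
    printf("unknown:  %d\n",
           demo_memcpy_chk(big, "0123456789abcdef", 17, (size_t)-1));
    return 0;
}
```
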