From: Romain Naour <romain.naour@openwide.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths
Date: Mon, 08 Dec 2014 23:51:24 +0100 [thread overview]
Message-ID: <54862B6C.5040801@openwide.fr> (raw)
In-Reply-To: <1417470913-1280-3-git-send-email-thomas.petazzoni@free-electrons.com>
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils 2.24, and modified to support
> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
> instead of just warn when unsafe paths are used. Even though erroring
> out can be chosen by passing --error-poison-system-directories, we are
> not sure this option in LDFLAGS will always be passed, so having an
> environment variable guarantees it will always be passed, and also
> allows to have an identical behavior to the external toolchain
> wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_24=y
BR2_BINUTILS_VERSION="2.24"
BR2_GCC_VERSION_4_9_X=y
BR2_GCC_VERSION="4.9.2"
and lmbench poisoned by LDFLAGS="-L/usr/lib $(LMBENCH_LDFLAGS)"
$ make O=test/paranoid-2/ lmbench
/home/naourr/git/buildroot/test/paranoid-2/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-DHAVE_off64_t -DHAVE_lseek64 -DRUSAGE -DHAVE_uint=1 -DHAVE_int64_t=1
-DHAVE_pmap_clnt_h -DHAVE_socklen_t -DHAVE_DRAND48 -DHAVE_SCHED_SETAFFINITY=1
-L/usr/lib -o ../bin/i686/msleep msleep.c
/home/naourr/git/buildroot/test/paranoid-2/host/usr/lib/gcc/i686-buildroot-linux-gnu/4.9.2/../../../../i686-buildroot-linux-gnu/bin/ld:
error: library search path "/usr/lib" is unsafe for cross-compilation
gmake[2]: *** [../bin/i686/msleep] Erreur 1
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
next prev parent reply other threads:[~2014-12-08 22:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
2014-12-06 16:57 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths Thomas Petazzoni
2014-12-08 22:51 ` Romain Naour [this message]
2014-12-01 21:55 ` [Buildroot] [PATCHv2 03/12] binutils/2.23: " Thomas Petazzoni
2014-12-06 17:23 ` Romain Naour
2014-12-08 21:55 ` Romain Naour
2014-12-08 22:51 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 04/12] binutils/2.22: " Thomas Petazzoni
2014-12-08 22:51 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: " Thomas Petazzoni
2014-12-08 22:58 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 07/12] gcc/4.8: " Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: " Thomas Petazzoni
2014-12-08 22:59 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 09/12] gcc/4.7: " Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 10/12] gcc: enable poison system directories option Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 11/12] binutils: " Thomas Petazzoni
2014-12-08 22:55 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking Thomas Petazzoni
2014-12-06 17:08 ` Romain Naour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54862B6C.5040801@openwide.fr \
--to=romain.naour@openwide.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox