[OpenWrt-Devel] Hardening Issues / Revert r46146 ?
Dirk Neukirchen
dirkneukirchen at web.de
Wed Jul 8 01:15:02 EDT 2015
r46146 change broke uclibc compile in x86/x86_64 target/linux/install with Error:
arch/x86/Makefile:114: stack-protector enabled but compiler support broken
Reason in Config-build.in:
depends on USE_MUSL -> means no PKG_CC_STACKPROTECTOR_REGULAR or PKG_CC_STACKPROTECTOR_STRONG are set
toolchain/uClibc/common.mk has
-e 's,^.*UCLIBC_HAS_SSP[^_].*,UCLIBC_HAS_SSP=$(if $(or $(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),$(CONFIG_PKG_CC_STACKPROTECTOR_STRONG)),y,n),g' \
which now will set
UCLIBC_HAS_SSP=n
This breaks compiler support because Kernel SSP is enabled by default
- the Kernel runs <kernel_dir>/scripts/gcc-x86_<bits>-has-stack-protector.sh
to determine support/breakage
Reading documentation like [1]
suggests that SSP (Stack Smashing Protection) should work with
a GCC that has "--disable libssp" (toolchain/gcc/common.mk), because uclibc and glibc do
provide these since 2005/2006 according to commits/versions involved.
[2] : "GCC does not have to provide libssp, the needed functions are added to ldso/libc instead."
References:
[1] http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
[2] http://git.buildroot.net/uClibc/tree/extra/Configs/Config.in
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list