[OpenWrt-Devel] [PATCH] ppp: activate PIE ASLR by default

Stijn Tintel stijn at linux-ipv6.be
Sat Feb 22 04:22:08 EST 2020


On 22/02/2020 11:10, Felix Fietkau wrote:
> On 2020-02-22 09:54, Stijn Tintel wrote:
>> On 20/02/2020 11:56, Petr Štetiar wrote:
>>> This activates PIE ASLR support by default when the regular option is
>>> selected.
>>>
>> Unfortunately this seems to break build on x86/64:
>>
>> x86_64-openwrt-linux-musl-gcc -O2 -pipe -fno-caller-saves -fno-plt
>> -fhonour-copts -Wno-error=unused-but-set-variable
>> -Wno-error=unused-result
>> -ffile-prefix-map=/home/stijn/Development/LEDE/source/build_dir/target-x86_64_musl/linux-x86_64/ppp-default/ppp-2.4.8=ppp-2.4.8
>> -Wformat -Werror=format-security -fpic -fstack-protector-strong
>> -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -ffunction-sections
>> -fdata-sections -flto -DHAVE_PATHS_H -DHAVE_MMAP -I../include
>> '-DDESTDIR="/usr"' -DCHAPMS=1 -DMPPE=1 -DHAS_SHADOW -DHAVE_CRYPT_H=1
>> -DUSE_CRYPT=1 -DPLUGIN -DPPP_FILTER -DPPP_PRECOMPILED_FILTER
>> -I/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/include
>> -DINET6=1 -DMAXOCTETS
>> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib
>> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/lib
>> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/usr/lib
>> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/lib
>> -fpic
>> -specs=/home/stijn/Development/LEDE/source/include/hardened-ld-pie.specs
>> -znow -zrelro -Wl,--gc-sections -flto -fuse-linker-plugin  -Wl,-E -o
>> pppd main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o
>> ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o eap.o
>> chap-md5.o session.o md4.o chap_ms.o sha1.o pppcrypt.o pcap_pcc.o
>> ipv6cp.o eui64.o  -lcrypt -ldl
>> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a
>> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
>> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a(bpf_filter.c.o):
>> relocation R_X86_64_32S against `.rodata' can not be used when making a
>> PIE object; recompile with -fPIC
>> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
>> final link failed: nonrepresentable section on output
>> collect2: error: ld returned 1 exit status
>>
>> So NACK from me until this is fixed.
> This one can most likely be fixed by setting PKG_ASLR_PIE_REGULAR:=1 in
> libpcap as well. That way -fPIC gets passed for the static library build.
>
Interesting. I've added this in the libpcap Makefile and that seems to
fix it. But I am actually building with CONFIG_PKG_ASLR_PIE_ALL=y, so
would assume it would enable PIE even if PKG_ASLR_PIE_REGULAR is not set
in the Makefile. Anyway, I'll send a patch for libpcap, thanks for the
suggestion.

Stijn


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list