[OpenWrt-Devel] [PATCH] ppp: activate PIE ASLR by default
Felix Fietkau
nbd at nbd.name
Sat Feb 22 06:43:35 EST 2020
On 2020-02-22 10:22, Stijn Tintel wrote:
> On 22/02/2020 11:10, Felix Fietkau wrote:
>> On 2020-02-22 09:54, Stijn Tintel wrote:
>>> On 20/02/2020 11:56, Petr Štetiar wrote:
>>>> This activates PIE ASLR support by default when the regular option is
>>>> selected.
>>>>
>>> Unfortunately this seems to break build on x86/64:
>>>
>>> x86_64-openwrt-linux-musl-gcc -O2 -pipe -fno-caller-saves -fno-plt
>>> -fhonour-copts -Wno-error=unused-but-set-variable
>>> -Wno-error=unused-result
>>> -ffile-prefix-map=/home/stijn/Development/LEDE/source/build_dir/target-x86_64_musl/linux-x86_64/ppp-default/ppp-2.4.8=ppp-2.4.8
>>> -Wformat -Werror=format-security -fpic -fstack-protector-strong
>>> -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -ffunction-sections
>>> -fdata-sections -flto -DHAVE_PATHS_H -DHAVE_MMAP -I../include
>>> '-DDESTDIR="/usr"' -DCHAPMS=1 -DMPPE=1 -DHAS_SHADOW -DHAVE_CRYPT_H=1
>>> -DUSE_CRYPT=1 -DPLUGIN -DPPP_FILTER -DPPP_PRECOMPILED_FILTER
>>> -I/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/include
>>> -DINET6=1 -DMAXOCTETS
>>> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib
>>> -L/home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/lib
>>> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/usr/lib
>>> -L/home/stijn/Development/LEDE/source/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/lib
>>> -fpic
>>> -specs=/home/stijn/Development/LEDE/source/include/hardened-ld-pie.specs
>>> -znow -zrelro -Wl,--gc-sections -flto -fuse-linker-plugin -Wl,-E -o
>>> pppd main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o
>>> ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o eap.o
>>> chap-md5.o session.o md4.o chap_ms.o sha1.o pppcrypt.o pcap_pcc.o
>>> ipv6cp.o eui64.o -lcrypt -ldl
>>> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a
>>> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
>>> /home/stijn/Development/LEDE/source/staging_dir/target-x86_64_musl/usr/lib/libpcap.a(bpf_filter.c.o):
>>> relocation R_X86_64_32S against `.rodata' can not be used when making a
>>> PIE object; recompile with -fPIC
>>> /home/build/openwrt/staging_dir/toolchain-x86_64_gcc-8.3.0_musl/bin/../lib/gcc/x86_64-openwrt-linux-musl/8.3.0/../../../../x86_64-openwrt-linux-musl/bin/ld:
>>> final link failed: nonrepresentable section on output
>>> collect2: error: ld returned 1 exit status
>>>
>>> So NACK from me until this is fixed.
>> This one can most likely be fixed by setting PKG_ASLR_PIE_REGULAR:=1 in
>> libpcap as well. That way -fPIC gets passed for the static library build.
>>
> Interesting. I've added this in the libpcap Makefile and that seems to
> fix it. But I am actually building with CONFIG_PKG_ASLR_PIE_ALL=y, so
> would assume it would enable PIE even if PKG_ASLR_PIE_REGULAR is not set
> in the Makefile. Anyway, I'll send a patch for libpcap, thanks for the
> suggestion.
Maybe it was built before you made that config change? It seems to me
that the ALSR_PIE stuff is missing some PKG_CONFIG_DEPENDS handling.
- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list