From patchwork Thu Sep 13 20:26:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 969532 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42B9Cj1j2Bz9s4V for ; Fri, 14 Sep 2018 06:26:25 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 056098750E; Thu, 13 Sep 2018 20:26:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4C2IXR5GmV_I; Thu, 13 Sep 2018 20:26:17 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 204DD874D4; Thu, 13 Sep 2018 20:26:17 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id CA2701C1011 for ; Thu, 13 Sep 2018 20:26:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id C73E687D86 for ; Thu, 13 Sep 2018 20:26:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYac+SfKN4a0 for ; Thu, 13 Sep 2018 20:26:11 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ch3vs01.rockwellcollins.com (ch3vs01.rockwellcollins.com [205.175.226.27]) by whitealder.osuosl.org (Postfix) with ESMTPS id 7DA7988247 for ; Thu, 13 Sep 2018 20:26:11 +0000 (UTC) Received: from ofwch3n02.rockwellcollins.com (HELO dtulimr01.rockwellcollins.com) ([205.175.226.14]) by ch3vs01.rockwellcollins.com with ESMTP; 13 Sep 2018 15:26:10 -0500 X-Received: from largo.rockwellcollins.com (unknown [192.168.140.76]) by dtulimr01.rockwellcollins.com (Postfix) with ESMTP id 4AAB6601D0; Thu, 13 Sep 2018 15:26:10 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Thu, 13 Sep 2018 15:26:04 -0500 Message-Id: <1536870367-38035-2-git-send-email-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> References: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH v3 1/4] toolchain/toolchain-wrapper: add BR2_RELRO_FULL support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" The current implementation is broken for full RELRO as the conditional checking of flag combinations both for compile and link time need to occur at the point of use in a package (GCC/LD invocation using specfile) or be enforced via a toolchain wrapper GCC/LD args adjustment. If the current approach is maintained, a large amount of packages will need to be patched and made aware of this scenario or at a minimum reorder their flag usage to be compatible. I've found this type of patch to be hard to upstream and in some cases touch makefiles that haven't required updates on stable (unmaintained) projects. There have been two main approaches for a solution (specfile vs toolchain wrapper). The specfile approach proposed by Stefan is a working solution and has been tested by me with a few different target package configurations as well as an internal autobuilder regressioning this feature. This solution isn't ideal as it adds another way Buildroot is adjusting flags that may confuse/conflict with the toolchain wrapper approach. (Ref Stefan's patch: http://patchwork.ozlabs.org/patch/942524/) The second option was the addition of a new linker wrapper but after completing that approach, the amount of complexity and new software, seems to out weigh possibly doing a hybrid approach proposed in this patchset. The one main complexity of solely using wrappers, is the fact that the GCC wrapper needs to know if it is being called with LDFLAGS vs not. So it really had to handle both compile and link cases which could overlap. Then the seperate new linker toolchain wrapper would handle the sole linker case. This resulted in extra bookkeeping flags and felt heavy. New linker wrapper example ref: http://patchwork.ozlabs.org/patch/963748/ http://patchwork.ozlabs.org/patch/963743/ The hybrid approach updates the existing GCC wrapper to handle the conditional fix-ups to the CFLAGS and utilizes the linker specfile which would be included when GCC links via LDFLAGS to handle the more basic link time fix-up. The linker specfile would also be included when LD is directly used and satisfy that case. This handles the sunny day scenario where the FLAGS are being used correctly and doesn't try to accomodate/fix package mis-use. It does force the compile time fixup, however when testing I noticed it was not a good idea to try and force the link time behavior (ie. if LDFLAGS were not explicitly provided). In most cases when I forced the link time behavior, I ended up with broken builds (had an offline autobuilder helping me assess this). Link time adjustments for flag usage in the special case, ideally need to be worked as a build output is reviewed on a case by case basis. This also helps manage the situations where autotools and similar build configuration/capability testing, may conflict with flags being forced whenever GCC or LD are invoked. Signed-off-by: Matthew Weber --- Changes v2 -> v3 - Fell back on a linker approach using a spec file and kept compiler flag tweaks in the wrapper v1 -> v2 - Reworked handling of pie/pic/shared to replace each time they occur with a dummy string and then insert the right combination when rebuilding the exec string. - Fixed mix of tabs and spaces - Swapped order of shared and pie. Originally coded it backwards. --- package/Makefile.in | 4 ++-- toolchain/gcc-specs-pie-ld | 2 ++ toolchain/toolchain-wrapper.c | 20 +++++++++++++++++++- toolchain/toolchain-wrapper.mk | 4 ++++ 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 toolchain/gcc-specs-pie-ld diff --git a/package/Makefile.in b/package/Makefile.in index abfdb81..36b5139 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -158,8 +158,8 @@ ifeq ($(BR2_RELRO_PARTIAL),y) TARGET_HARDENED += $(TARGET_CFLAGS_RELRO) TARGET_LDFLAGS += $(TARGET_CFLAGS_RELRO) else ifeq ($(BR2_RELRO_FULL),y) -TARGET_HARDENED += -fPIE $(TARGET_CFLAGS_RELRO_FULL) -TARGET_LDFLAGS += -pie $(TARGET_CFLAGS_RELRO_FULL) +TARGET_HARDENED += $(TARGET_CFLAGS_RELRO_FULL) +TARGET_LDFLAGS += $(TARGET_CFLAGS_RELRO_FULL) -specs=$(TOPDIR)/toolchain/gcc-specs-pie-ld endif ifeq ($(BR2_FORTIFY_SOURCE_1),y) diff --git a/toolchain/gcc-specs-pie-ld b/toolchain/gcc-specs-pie-ld new file mode 100644 index 0000000..bd6b907 --- /dev/null +++ b/toolchain/gcc-specs-pie-ld @@ -0,0 +1,2 @@ +*self_spec: ++ %{!static:%{!shared:%{!r:-pie}}} diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index c5eb813..fbc3fc7 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -49,8 +49,9 @@ static char _date_[sizeof("-D__DATE__=\"MMM DD YYYY\"")]; * -D__TIME__= * -D__DATE__= * -Wno-builtin-macro-redefined + * -fPIE */ -#define EXCLUSIVE_ARGS 6 +#define EXCLUSIVE_ARGS 7 static char *predef_args[] = { #ifdef BR_CCACHE @@ -363,6 +364,23 @@ int main(int argc, char **argv) *cur++ = "-Wno-builtin-macro-redefined"; } +#ifdef BR2_RELRO_FULL + /* Must handle combinations of compiler/link options */ + for (i = 1; i < argc; i++) { + if (!strcmp(argv[i], "-r") || + !strcmp(argv[i], "-fpie") || + !strcmp(argv[i], "-fPIE") || + !strcmp(argv[i], "-fpic") || + !strcmp(argv[i], "-fPIC") || + !strcmp(argv[i], "-fno-pic") || + !strcmp(argv[i], "-static")) + break; + } + if (i == argc) { + *cur++ = "-fPIE"; + } +#endif + paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH"); if (paranoid_wrapper && strlen(paranoid_wrapper) > 0) paranoid = 1; diff --git a/toolchain/toolchain-wrapper.mk b/toolchain/toolchain-wrapper.mk index b8074ef..ec0f128 100644 --- a/toolchain/toolchain-wrapper.mk +++ b/toolchain/toolchain-wrapper.mk @@ -45,6 +45,10 @@ ifeq ($(BR2_CCACHE_USE_BASEDIR),y) TOOLCHAIN_WRAPPER_ARGS += -DBR_CCACHE_BASEDIR='"$(BASE_DIR)"' endif +ifeq ($(BR2_RELRO_FULL),y) +TOOLCHAIN_WRAPPER_ARGS += -DBR2_RELRO_FULL +endif + define TOOLCHAIN_WRAPPER_BUILD $(HOSTCC) $(HOST_CFLAGS) $(TOOLCHAIN_WRAPPER_ARGS) \ -s -Wl,--hash-style=$(TOOLCHAIN_WRAPPER_HASH_STYLE) \ From patchwork Thu Sep 13 20:26:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 969531 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42B9Cd4Jzcz9s9N for ; Fri, 14 Sep 2018 06:26:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D7EC7873FB; Thu, 13 Sep 2018 20:26:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AeIhOU4QgHCi; Thu, 13 Sep 2018 20:26:15 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9FC25874D2; Thu, 13 Sep 2018 20:26:15 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id B752B1C1011 for ; Thu, 13 Sep 2018 20:26:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B4BA387D86 for ; Thu, 13 Sep 2018 20:26:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id en04xsp1rSlf for ; Thu, 13 Sep 2018 20:26:12 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ch3vs01.rockwellcollins.com (ch3vs01.rockwellcollins.com [205.175.226.27]) by whitealder.osuosl.org (Postfix) with ESMTPS id 0275B88273 for ; Thu, 13 Sep 2018 20:26:11 +0000 (UTC) Received: from ofwch3n02.rockwellcollins.com (HELO dtulimr01.rockwellcollins.com) ([205.175.226.14]) by ch3vs01.rockwellcollins.com with ESMTP; 13 Sep 2018 15:26:10 -0500 X-Received: from largo.rockwellcollins.com (unknown [192.168.140.76]) by dtulimr01.rockwellcollins.com (Postfix) with ESMTP id 74F9A60249; Thu, 13 Sep 2018 15:26:10 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Thu, 13 Sep 2018 15:26:05 -0500 Message-Id: <1536870367-38035-3-git-send-email-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> References: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH v3 2/4] toolchain/toolchain-wrapper: add BR2_SSP_* support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Migrate the stack protection flag management into the wrapper. Signed-off-by: Matthew Weber --- Changes v2 -> v3 - Rebased, nothing functional v1 -> v2 - None. --- package/Makefile.in | 8 -------- toolchain/toolchain-wrapper.c | 9 +++++++++ toolchain/toolchain-wrapper.mk | 8 ++++++++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/package/Makefile.in b/package/Makefile.in index 36b5139..83d58f8 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -146,14 +146,6 @@ TARGET_CFLAGS_RELRO_FULL = -Wl,-z,now $(TARGET_CFLAGS_RELRO) TARGET_LDFLAGS = $(call qstrip,$(BR2_TARGET_LDFLAGS)) -ifeq ($(BR2_SSP_REGULAR),y) -TARGET_HARDENED += -fstack-protector -else ifeq ($(BR2_SSP_STRONG),y) -TARGET_HARDENED += -fstack-protector-strong -else ifeq ($(BR2_SSP_ALL),y) -TARGET_HARDENED += -fstack-protector-all -endif - ifeq ($(BR2_RELRO_PARTIAL),y) TARGET_HARDENED += $(TARGET_CFLAGS_RELRO) TARGET_LDFLAGS += $(TARGET_CFLAGS_RELRO) diff --git a/toolchain/toolchain-wrapper.c b/toolchain/toolchain-wrapper.c index fbc3fc7..df3607e 100644 --- a/toolchain/toolchain-wrapper.c +++ b/toolchain/toolchain-wrapper.c @@ -95,6 +95,15 @@ static char *predef_args[] = { #if defined(BR_MIPS_TARGET_BIG_ENDIAN) || defined(BR_ARC_TARGET_BIG_ENDIAN) "-EB", #endif +#ifdef BR_SSP_REGULAR + "-fstack-protector", +#endif +#ifdef BR_SSP_STRONG + "-fstack-protector-strong", +#endif +#ifdef BR_SSP_ALL + "-fstack-protector-all", +#endif #ifdef BR_ADDITIONAL_CFLAGS BR_ADDITIONAL_CFLAGS #endif diff --git a/toolchain/toolchain-wrapper.mk b/toolchain/toolchain-wrapper.mk index ec0f128..ec598b7 100644 --- a/toolchain/toolchain-wrapper.mk +++ b/toolchain/toolchain-wrapper.mk @@ -49,6 +49,14 @@ ifeq ($(BR2_RELRO_FULL),y) TOOLCHAIN_WRAPPER_ARGS += -DBR2_RELRO_FULL endif +ifeq ($(BR2_SSP_REGULAR),y) +TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_REGULAR +else ifeq ($(BR2_SSP_STRONG),y) +TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_STRONG +else ifeq ($(BR2_SSP_ALL),y) +TOOLCHAIN_WRAPPER_ARGS += -DBR_SSP_ALL +endif + define TOOLCHAIN_WRAPPER_BUILD $(HOSTCC) $(HOST_CFLAGS) $(TOOLCHAIN_WRAPPER_ARGS) \ -s -Wl,--hash-style=$(TOOLCHAIN_WRAPPER_HASH_STYLE) \ From patchwork Thu Sep 13 20:26:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 969533 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42B9Cj6s6Vz9s9N for ; Fri, 14 Sep 2018 06:26:25 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C239B30390; Thu, 13 Sep 2018 20:26:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86dEeX4wbgOq; Thu, 13 Sep 2018 20:26:19 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 6FC1D2264C; Thu, 13 Sep 2018 20:26:19 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 213881C1011 for ; Thu, 13 Sep 2018 20:26:15 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 1E84C2264C for ; Thu, 13 Sep 2018 20:26:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zdGw6Iyz4j9G for ; Thu, 13 Sep 2018 20:26:13 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from secvs02.rockwellcollins.com (secvs02.rockwellcollins.com [205.175.225.241]) by silver.osuosl.org (Postfix) with ESMTPS id EDA1522649 for ; Thu, 13 Sep 2018 20:26:11 +0000 (UTC) Received: from ofwgwc03.rockwellcollins.com (HELO dtulimr01.rockwellcollins.com) ([205.175.225.12]) by secvs02.rockwellcollins.com with ESMTP; 13 Sep 2018 15:26:10 -0500 X-Received: from largo.rockwellcollins.com (unknown [192.168.140.76]) by dtulimr01.rockwellcollins.com (Postfix) with ESMTP id 9581960294; Thu, 13 Sep 2018 15:26:10 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Thu, 13 Sep 2018 15:26:06 -0500 Message-Id: <1536870367-38035-4-git-send-email-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> References: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH v3 3/4] BR2_FORTIFY*: toolchain wrapper limitation note X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Adds a comment to the definition of the fortify flag that there are some limitations to using the toolchain wrapper to set it. Ideally the optimization settings would also need to migrate to the wrapper but I believe a similar situation would occur where the forcing of optimzation would be hard to maintain universally. Signed-off-by: Matthew Weber --- Changes v3 - New patch --- package/Makefile.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package/Makefile.in b/package/Makefile.in index 83d58f8..085e8e3 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -154,6 +154,10 @@ TARGET_HARDENED += $(TARGET_CFLAGS_RELRO_FULL) TARGET_LDFLAGS += $(TARGET_CFLAGS_RELRO_FULL) -specs=$(TOPDIR)/toolchain/gcc-specs-pie-ld endif +# The FORTIFY flag must remain in the CFLAGS variable as forcing through a +# wrapper results in configuration test failures in packages like linux-tools +# which may not always specify an optimization level that's compatible with +# this option and result in a compile failure. ifeq ($(BR2_FORTIFY_SOURCE_1),y) TARGET_HARDENED += -D_FORTIFY_SOURCE=1 else ifeq ($(BR2_FORTIFY_SOURCE_2),y) From patchwork Thu Sep 13 20:26:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 969530 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=rockwellcollins.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42B9Cc6qwtz9s4V for ; Fri, 14 Sep 2018 06:26:20 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 0FD318888D; Thu, 13 Sep 2018 20:26:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xk6v0DBBc9J7; Thu, 13 Sep 2018 20:26:18 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 6C6B6886A8; Thu, 13 Sep 2018 20:26:18 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id CB0E81C2E3A for ; Thu, 13 Sep 2018 20:26:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id C8CB1886A8 for ; Thu, 13 Sep 2018 20:26:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GkXf9NujLAd for ; Thu, 13 Sep 2018 20:26:12 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from secvs01.rockwellcollins.com (secvs01.rockwellcollins.com [205.175.225.240]) by hemlock.osuosl.org (Postfix) with ESMTPS id 062D9884CF for ; Thu, 13 Sep 2018 20:26:11 +0000 (UTC) Received: from ofwgwc03.rockwellcollins.com (HELO dtulimr01.rockwellcollins.com) ([205.175.225.12]) by secvs01.rockwellcollins.com with ESMTP; 13 Sep 2018 15:26:10 -0500 X-Received: from largo.rockwellcollins.com (unknown [192.168.140.76]) by dtulimr01.rockwellcollins.com (Postfix) with ESMTP id B5F38601D0; Thu, 13 Sep 2018 15:26:10 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Thu, 13 Sep 2018 15:26:07 -0500 Message-Id: <1536870367-38035-5-git-send-email-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> References: <1536870367-38035-1-git-send-email-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH v3 4/4] support/testing/tests/core: SSP & hardening flags X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Catch the commonly used options of SSP, Relro, and fortify. Using the package targets of busybox and lighttpd. This can easily be expanded to a larger list. Signed-off-by: Matthew Weber --- Changes v1 -> v3 (link wrapper patchset) - None Original v4 -> v1 of link wrapper patchset - Added back in busybox test case v3 -> v4 - Removed commented out lines I missed when I removed busybox - Removed duplicate fortify assertion test v2 -> v3 [Matt - Removed the busybox target as without the link time wrapper/specfile being merged the build will fail. Link time conflict between use of 'r' and pie. [Thomas - Add clarificaion of what checksec can test - Reworked using inheritance - Relocated json load (removed duplication) v1 -> v2 [Ricardo - Fix flake8 warnings - Added missing busyfox pie assertions - Updated the yml to include new test cases --- .gitlab-ci.yml | 6 ++ support/testing/tests/core/test_hardening.py | 110 +++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 support/testing/tests/core/test_hardening.py diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d4807c5..4048821 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -262,6 +262,12 @@ tests.boot.test_atf.TestATFAllwinner: *runtime_test tests.boot.test_atf.TestATFMarvell: *runtime_test tests.boot.test_atf.TestATFVexpress: *runtime_test tests.core.test_file_capabilities.TestFileCapabilities: *runtime_test +tests.core.test_hardening.TestFortifyConserv: *runtime_test +tests.core.test_hardening.TestFortifyNone: *runtime_test +tests.core.test_hardening.TestRelro: *runtime_test +tests.core.test_hardening.TestRelroPartial: *runtime_test +tests.core.test_hardening.TestSspNone: *runtime_test +tests.core.test_hardening.TestSspStrong: *runtime_test tests.core.test_post_scripts.TestPostScripts: *runtime_test tests.core.test_rootfs_overlay.TestRootfsOverlay: *runtime_test tests.core.test_timezone.TestGlibcAllTimezone: *runtime_test diff --git a/support/testing/tests/core/test_hardening.py b/support/testing/tests/core/test_hardening.py new file mode 100644 index 0000000..9f26962 --- /dev/null +++ b/support/testing/tests/core/test_hardening.py @@ -0,0 +1,110 @@ +import os +import subprocess +import json + +import infra.basetest + + +class TestHardeningBase(infra.basetest.BRTest): + config = \ + """ + BR2_powerpc64=y + BR2_powerpc_e5500=y + BR2_TOOLCHAIN_EXTERNAL=y + BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y + BR2_TOOLCHAIN_EXTERNAL_URL="https://toolchains.bootlin.com/downloads/releases/toolchains/powerpc64-e5500/tarballs/powerpc64-e5500--glibc--stable-2018.02-2.tar.bz2" + BR2_TOOLCHAIN_EXTERNAL_GCC_6=y + BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_1=y + BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y + BR2_TOOLCHAIN_EXTERNAL_CXX=y + BR2_PACKAGE_LIGHTTPD=y + BR2_PACKAGE_HOST_CHECKSEC=y + # BR2_TARGET_ROOTFS_TAR is not set + """ + + checksec_files = ["usr/sbin/lighttpd","bin/busybox"] + + def checksec_run(self, target_file): + filepath = os.path.join(self.builddir, "target", target_file) + cmd = ["host/bin/checksec", "--output", "json", "--file", filepath] + # Checksec is being used for elf file analysis only. There are no + # assumptions of target/run-time checks as part of this testing. + ret = subprocess.check_output(cmd, + stderr=open(os.devnull, "w"), + cwd=self.builddir, + env={"LANG": "C"}) + return json.loads(ret) + + +class TestRelro(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_RELRO_FULL=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertEqual(out["file"]["relro"], "full") + self.assertEqual(out["file"]["pie"], "yes") + + +class TestRelroPartial(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_RELRO_PARTIAL=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertEqual(out["file"]["relro"], "partial") + self.assertEqual(out["file"]["pie"], "no") + + +class TestSspNone(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_SSP_NONE=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertEqual(out["file"]["canary"], "no") + + +class TestSspStrong(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_SSP_STRONG=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertEqual(out["file"]["canary"], "yes") + + +class TestFortifyNone(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_FORTIFY_SOURCE_NONE=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertEqual(out["file"]["fortified"], "0") + + +class TestFortifyConserv(TestHardeningBase): + config = TestHardeningBase.config + \ + """ + BR2_FORTIFY_SOURCE_1=y + """ + + def test_run(self): + for f in self.checksec_files: + out = self.checksec_run(f) + self.assertNotEqual(out["file"]["fortified"], "0")